Despite increased security spending, cyber incidents continue to plague organizations, as 70% of companies report being a victim of a successful attack or breach in the past year, according to a Thursday report from Cyren and Osterman Research provided exclusively to TechRepublic.
The report surveyed IT and security managers across more than 200 US and Canadian companies in different industries. Of those, 49% said they had seen their security-related costs increase by an average of 18% over the past year. No respondents reported a decrease in cybersecurity costs, the report found.
The most successful attack types reported were viruses, worms, or other malware infections (49%), phishing attacks (44%), and accidental information loss by employees or contractors (34%), the report found.
Moving forward, IT and security professionals surveyed said they were either highly concerned or extremely concerned about the following cyberthreats, the report found:
- Ransomware attacks (67%)
- A breach of sensitive or confidential data (66%)
- Phishing attacks (62%)
- Malware infiltration through HTTPS/SSL web traffic (54%)
- Targeted attacks/zero-day exploits (54%)
- Shadow IT/employees using unauthorized cloud apps and services (48%)
- Endpoints compromised by botnets (46%)
- Cryptocurrency mining malware being installed on internal PCs or servers (45%)
- Use of CPU by cryptocurrency miners when users visit websites (38%)
- Employees surfing websites that violate company policies (36%)
While professionals still consider ransomware a top threat, phishing remains the bigger problem for many in reality, the report found, as 44% of organizations said they suffered a successful phishing attack in 2018—up from 30% in 2017. Each organization faced an average of 11.4 successful phishing attacks in the past year, according to the report.
These attacks have led 93% of organizations to give their employees some kind of phishing awareness training, the report found, but given the rise in successful phishing attacks, that training may not be entirely effective.
“Business IT decision-makers clearly need to take a fresh look at their security in order to combat the rising tide of phishing,” Michael Osterman, principal analyst of Osterman Research, said in a press release.