Cybersecurity has become a vital part of today's market. New threats are constantly being deployed and targeting businesses, meaning cybersecurity teams need to be vigilant to take care of the corporate network and keep their business safe from unforeseen data breaches.
To build an effective cybersecurity strategy, we need to first understand the existing threats and security strategies organizations use to mitigate them. We at ManageEngine conducted a recent survey in order to study various approaches towards cybersecurity. Our survey, titled "A look at evolving cybersecurity threats and their impact across industries," targeted global IT security professionals in both public and private sectors.
Digital transformation and easy access to the internet have greatly benefited our society, but they've also contributed towards the evolution of cyberattacks. In our survey, 35 percent of professionals showed a lack of cybersecurity awareness, and 26 percent lacked proper cybersecurity controls.
Attack methods vary based on the attacker and the security of the target network. Businesses can be affected in different ways by cyberattacks; they could suffer productivity loss, financial loss, damage to brand name or reputation, and more.
The scope and source of cyberattacks are quite vast due to widespread internet access and constantly evolving technology. However, during our study, we were able to identify a few prominent areas where cyberattacks typically penetrate corporate networks. Emails are the top source of cyberattacks, followed by distributed devices.
Organizations utilize many different types of devices, and securing all of them from external threats can be demanding, but cybersecurity professionals should focus on securing the most critical and the most vulnerable resources first. Based on our cybersecurity research, servers, smartphones and laptops are the most vulnerable devices in a business environment.
There are a number of ways an organization's devices can be breached. Based on our study, malware and phishing are the most common cyberattacks occurring in the market. These types of attacks wreak havoc, affect productivity, and bring unnecessary expenditure to a business.
Since malware is a top concern for businesses in 2020, we wanted to identify the different types and their impacts on industries. We handpicked common types of malware like ransomware, trojans, worms, spyware, and adware to study their impact on businesses. Based on the results, we found that ransomware is the primary source of cyberattacks, followed by worms.
Businesses can overcome these cyber-challenges by establishing a few basic security controls for their business. To do that, they must understand their critical touch points and deploy the right controls to nullify cyberattacks. These security controls are based on the Center for Internet Security (CIS) framework, and, in our research, we identified inventory and control of hardware assets as the primary concern for a business, followed by inventory and control of software.
Understanding the importance of basic security controls, we also asked respondents about their current security needs. The results show that browser security is a priority for many businesses, as malware defense tops the list, followed by email and web browser protection.
That being said, organizational security controls play a critical role compared to basic and foundational controls; these other two levels of cybersecurity strategies aren't successful unless your C-level executives contribute to them equally. Below are our findings on organizational security controls and their expectations in the market.
After understanding cybersecurity challenges and procedures, it's time for implementation, which can be a demanding task. Typically, the Chief Information Officer (CIO) will develop and implement a cybersecurity strategy, while the senior IT administrator will help facilitate it.
Once these security controls are ready to be implemented, the next step is to understand what factors to consider for improving the enterprise's overall security. According to our research, it's a cumulative decision that depends on employing the right tools, creating awareness, and recruiting skilled cybersecurity professionals.
Corporate networks consist of servers, desktops, laptops, and mobile devices, all of which can fall victim to cyberattacks if targeted. Based on our study, we identified that the best place to start implementing controls is firewalls, followed by endpoints.
When it comes to mobile device security, the primary concern is email security management, followed by app management.
Moreover, when it comes to server security management, virtual server management is a primary concern for cybersecurity.
Unified endpoint management is another interesting field of research; almost all types of devices are included, but the primary concern for security professionals regarding endpoints is automated patch management, followed by software distribution, then Internet of Things (IoT) management.
Above all else, the research and data we obtained showed that only 27 percent of businesses have the above-mentioned critical security controls in place, and 73 percent of them have yet to deploy and implement them.