Businesses Confident About Cybersecurity

In a year that has seen multiple massive data breaches and troubling cyberattacks, a new survey reveals 87 percent of businesses are “confident in their cybersecurity preparedness.” The survey, from SolarWinds MSP, included 400 businesses from the US and UK. Other findings in the survey:

• 71 percent of businesses experienced a security breach “in the previous year”
• 31 percent suffered a DDoS attack or fraud, the same percentage of respondents experienced a “malicious insider attack,” and 28 percent were hit with ransomware
• 61 percent count on growing cybersecurity budgets to improve security in the coming year

Let’s give these businesses the benefit of the doubt. The Equifax breach, for one, got a lot of press, the type of visibility that could make organizations—even the ones that haven’t been hacked—want to improve their cybersecurity game. If businesses are willing to spend more on cybersecurity measures, their confidence may be warranted.

What’s more, there are new tools they can use to increase security. Data recovery firm Kroll OnTrack reports that IBM Z, a data encryption system, can encrypt 13 GB of data per second per chip, with a total of 24 chips in the mainframe. Each day, IBM Z can run more than 12 billion encrypted transactions. This tool is primarily for enterprises that process financial transactions, which, if you think about it, includes quite a few organizations, given the volume of credit card payments people make each day, and the volume of e-commerce we’re seeing. Visanet alone handles 150 million transactions daily.

SImply put, the volume of data businesses need to protect is astronomical, and track records aren’t great. About 9 billion records have been compromised since 2013, and 96 percent of the data wasn’t encrypted. While the businesses in SolarWinds’ survey are confident, a report from Juniper Research estimates that data breaches will cost firms about $8 trillion by 2022.

There are a lot of security practices that are going to have to change. About 68 percent of organizations don’t do regular security audits, and less than half deployed new security technology after a breach. Companies storing their data in the cloud must have an incident response plan in place, because cloud providers are likely to get hacked. Yet, for 44 percent of organizations surveyed, response times to data breaches have increased since 2016.

Perhaps cybersecurity hubris is a result of businesses having confidence in the future of cloud security. After all, the top cloud providers—Amazon, Microsoft, and Google—have a lot at stake when it comes to making sure their clouds are secure, and these companies employ some of the best people in the business. Yet according to Earl Perkins, Gartner’s research vice president, “It’s possible cloud will fall victim to a tragedy of the commons wherein a shared cloud service becomes unstable and unsecure based on increased demands by companies.” Enterprises are generating so much data that public cloud solutions may not continue to be a viable solution for secure storage. Furthermore, security teams are facing a shortage in talent, meaning security solutions may not be able to evolve as fast as threats.

Businesses must inject confidence with a level of realism. They aren’t going to be able to deter all threats, but they can make sure the most important data are backed up in more than just two places. They can use increasing cybersecurity budgets for tools such as IBM’s new encryption mainframe and deception tools that lure hackers to fake networks, as well as virtual browsers that foil phishing scams. It’s good businesses are confident—they just have to back confidence up with proactivity.

By Daniel Matthews