One in every five leaders and security professionals would not bet a chocolate bar that they could prevent a damaging breach, even though 97% of them say that their organisation is as prepared or more prepared to defend against cybersecurity attacks than it was a year ago.
This was a highlight of results from Ivanti’s State of Security Preparedness 2023 study, which covered 6,500 executive leaders, cybersecurity professionals and office workers in a survey done in October 2022 by Ravn Research.
MSI Advance Customer Insights recruited the respondents, who were based in nine markets: the United States, the United Kingdom, the Netherlands, France, Germany, China, India, Japan, and Australia.
The study found that organisations are racing to fortify against cyber-attacks, but the industry still struggles with a reactive, checklist mentality. This is most pronounced in how security teams are prioritising patches.
While 92% of security professionals reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning none do.
“Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands,” said Srinivas Mukkamala, chief product officer at Ivanti.
“To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise and even address vulnerabilities without excess manual intervention,” said Mukkamala.
Cybersecurity insiders view phishing, ransomware and software vulnerabilities as top industry-level threats for 2023.
Half of respondents indicated they are “very prepared” to meet the growing threat landscape, including ransomware, poor encryption and malicious employees, but expected safeguards such as deprovisioning credentials are ignored a third of the time.
Nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.
The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers.
Additionally, more than one-third of leaders have clicked on a phishing link, and nearly a quarter use easy-to-remember birthdays as part of their password. They are also much more likely to hang on to passwords for years, and they are five times more likely to share their password with people outside the company.
One respondent shared that they have experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years – even their most experienced staff are falling prey to them.