One in three IT security managers do not have a formal cybersecurity incident response plan
Regardless of industry, information security incidents have become a more targeted threat to businesses, increasing in quantity and effectiveness, according to GetApp’s 2021 Data Security Report.
Of all the security incidents identified by more than 900 employees surveyed at US companies, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and widespread password reuse.
- Respondents indicated that phishing emails had almost tripled in effectiveness over the past two years. Phishing emails are quickly becoming harder to spot and therefore much more destructive.
- Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for companies in specific industries, such as banking and financial services and construction, with higher payouts.
- The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times more common among people who reuse passwords than among those who don’t.
“Data security threats are increasingly targeting individual victims, whether it’s a phishing program targeting a specific person or ransomware attacks against a specific company,” said Zach Capers, senior analyst at GetApp. “Companies need to increase their security training efforts and strengthen their networks to protect against today’s increasingly sophisticated cybercriminals.”
Alarmingly, 23% of IT security managers surveyed say their company does not have protocols in place to report a suspected cyberattack and 33% do not have a formal cybersecurity incident response plan.