The rate of IT security incidents increases with the size of the company
The rate of computer security incidents increases as Microsoft 365 security features are used, according to Hornetsecurity. Organizations using Microsoft 365 that use 1 or 2 of its stock security features reported attacks 24.4% and 28.2% of the time, respectively, while those using 6 or 7 features reported attacks respectively 55.6% and 40.8% of the time.
Overall, it was found that 3 in 10 organizations (29.2%) using Microsoft 365 reported a known security incident in the past 12 months.
What do IT security professionals say?
Hornetsecurity experts say these findings could be due to a number of factors. They highlight the likelihood that organizations with a high number of security features implemented have done so following sustained cyberattacks over a period of time, in an attempt to mitigate security threats.
They also suggest that the more security IT teams attempt to implement, the more complex the security system becomes. Features can be misconfigured, leaving vulnerabilities. This is supported by the fact that 62.6% of respondents indicated that the main barrier to implementing security functionality in their organization is “lack of time or resources”.
Another theory is that using more features can contribute to a false sense of security within the organization. This might cause it to stop paying close attention to potential security threats, thinking that all these features will protect them without having to put in extra active effort.
“It’s a game of cat and mouse. As you grow, you add security features, but you also become more vulnerable to attack because you are a more lucrative target. Still, you need to stay one step ahead of the criminals trying to harm your organization. Our survey results clearly showed that relying on inventory security features for digital security is insufficient,” said Daniel Hofmann, CEO of Hornetsecurity.
“Organizations must proactively find ways to identify invisible vulnerabilities and take a diligent and holistic approach to cybersecurity, rather than relying on what is available and reacting only when it is too late.”
The number of security incidents is related to the size of the company
18.5% of companies with 1 to 50 employees have been the target of an IT security incident during the past year. Although this is a disturbingly high incidence rate, it is by far the lowest of all height categories documented in this survey.
23.2% of organizations with 51-200 employees were targeted, as well as 25.8% of those with 201-500 employees. Organizations with 500-999 employees were targeted 40.8% of the time, while half of surveyed organizations with more than 1,000 employees reported an attack.
This trend clearly shows that cyberattacks are common in all organizations, but it seems clear that as an organization grows, the rate at which it is targeted increases dramatically. Security efforts when a company has less than 500 employees are obviously not enough to protect organizations as they grow beyond that number.
What are the barriers to implementing security features in their organizations?
Surprisingly, 25.7% of respondents who employ more than 50 people and have compliance requirements do not employ a dedicated compliance officer or IT security officer. Several factors contribute to the lack of attention paid to IT security and compliance in medium and large enterprises.
62.6% of IT professionals indicate that “lack of time or resources” is the main barrier to implementing security features in their organization. Next, respondents cite a “lack of budget” (44.6%), “problems with skills and/or a lack of knowledge” (36.2%) and a “lack of interest from management” (23 .1%).
All of the above findings indicate a general lack of urgency surrounding security within organizations. Only 2% of respondents said they had no security barriers, and more than half of respondents (55.5%) said their organization did not have a process in place to track and change review – an essential tool for identifying security threats. .