
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Only 3% of Orgs Can Address Top Threats like Ransomware

February 19, 2017 by Mengxue Ni 2 Comments

When it comes to how successful businesses will be at defending against the top attacks of the day, the results are sadly lackluster: research reveals that only 3% of organizations have the technology and only 10% have the skills in place to address them. Ransomware alone has the potential to inflict the most significant damage to organizations in 2017, yet not even half of those surveyed have the skills (44%) or the technology (43%) to effectively combat it.

The survey didn’t tell us whether the 3% of organizations is out of all organizations or only those which were attacked. If it is only those which were attacked, then I think this number is fair because I believe hackers will do research before hacking, so they will choose organizations which didn’t have enough skills or technologies. I would like to think most big companies have the ability to address top threats like ransomware, or they will do a great job of protecting themselves from these attacks.

Link: https://www.infosecurity-magazine.com/news/only-3-of-orgs-can-address-top/


Comments

  1. Jason A Lindsley says

    February 22, 2017 at 8:32 pm

    I agree that ransomware is a top threat right now. I found it interesting that two of three respondents use security standards or frameworks to set their foundational controls, but 65% of respondents also indicated that they lack the ability to enforce their required controls. 93% felt that if they could enforce these foundational controls, it would mitigate the risk. So we all agree with the controls required to reduce this risk, but it seems there is a lack of the skills and/or funding to implement the controls.

  2. Mauchel Barthelemy says

    February 26, 2017 at 8:03 am

    Great article Mengxue! This will depend on how we define “Address Top Threats like Ransomware.” The 3% number is likely to be higher when it comes to organizations that can defend themselves against ransomware and I assert this for two reasons. First, let’s think about an organization that doesn’t have proper technology and skills in-house to combat ransomware. This company can outsource the backup of its information assets along with a proper mechanism to quarantine and remove attackers in its network. Detecting illegal users would not be necessary at this point because if a hacker can hold information hostage, this means he is sitting somewhere in your network. So, hire a reputable company to handle this. Secondly, a proper backup procedure should also be a good strategy against ransomware. Yes, information will land in the wrong hands, but at least this organization can resume production operations faster. This is where it becomes critical to have someone watching in the black market because rest assured stolen information will be sold there. Maybe it would be better to say “Only X Number of Orgs Can Afford to Address Top Threats like Ransomware.” I can assure you it will be more than 3% if that was the case.
