Following the massive cyber attacks of 2017, more than two-thirds of infosec professionals felt that their organizations had not done enough to improve security after the WannaCry and NotPetya attacks.
A Tripwire survey of 108 security practitioners, conducted at Black Hat, shows that the majority of respondents felt their companies should be doing more to protect against large-scale cyber attacks.
Tim Erlin, VP at Tripwire, said, “No matter how big or small your organization is, you have to have a serious attitude towards security. If you were lucky enough not to have been affected by WannaCry or Petya, take it as a sign. Remember, you don’t have nine lives. All it takes is one data breach or another WannaCry and your company has lost data, money, credibility and most importantly, customer trust, which is one of the most difficult things to recover.”
While 68% felt that their organizations hadn't done enough to improve security following the WannaCry and NotPetya attacks, 28% said network device discovery was the most prominent issue being ignored.
Vulnerability management (14%), administrative privilege management (6%), and audit log reviews (6%) were next in terms of unaddressed issues.
However, on the bright side, 85% reported that following these global cyber attacks, their companies were investing in new security solutions.
“Adopting best practices and leveraging critical security controls will continue to be the best bet for defending against advanced adversaries and can help close the gap within a business’s security infrastructure. There is research that supports the claim that the vast majority of attacks are due to known vulnerabilities and most of these breaches occur from exploits that have been left unpatched. It is important to understand that good security hygiene will greatly reduce the effectiveness of an attack and goes a long way to making the attacker’s job more difficult,” Erlin said.