Radware, a leading provider of cyber security and application delivery solutions, released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber-attack. This comes as technology and privacy concerns present greater challenges in improving overall security posture.
“A ransom payment may make the problem go away for now, but these types of responses won’t drive a business forward,” said Anna Convery-Pelletier, Chief Marketing Officer at Radware. “A reactionary security strategy limits an organization’s ability to secure customer data, protect their brand’s reputation, and achieve business goals. Investing in appropriate security solutions is no longer simply an IT expense, it is fundamental to a business’ long term success.”
According to the report, 69% of executives said that their company faced a ransom attack in the past year, compared with only 14% noting so in 2016. Meanwhile, two-thirds of executives (66%) report a lack of confidence in their network security, admitting their networks are penetrable by hackers.
Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber-attacks. In a sign that consumers will not accept data breaches, 41% of executives noted their organization faced legal action from customers following a breach. At the same time, executives stated that their biggest concerns associated with cyber-attacks are customer loss (41%) and brand reputation loss (34%).
In the midst of all this, organizations still struggle to implement tools that would drastically improve their cybersecurity posture. While more than one in three (35%) executives noted that encrypted attacks would be detrimental to their organization, 41% reported that they continue to review the legalities of decrypting traffic on their network, a process needed to significantly reduce the threat of encrypted threats.
In addition, Radware’s 2018 Executive Application & Network Security Report revealed:
Have we reached an automation tipping point? The complexity of networks and changing attack vectors have led companies to invest in automated and machine-learning security tools. Over the past two years, 71% of executives report shifting network security spending to investments in automated security.
Gaps between clouds create major security risk. More than 90% of executives report using multiple public and private cloud environments as part of their companies’ IT infrastructure, and most companies host up to 50% of their business applications in the cloud. C-suite executives clearly understand that dispersing their network across multiple public and private clouds introduces security risks however. The vast majority of respondents (96%) are very or somewhat concerned about network vulnerabilities created by using multiple clouds.
“Businesses are trying to increase operational efficiency by moving to cloud infrastructure,” continued Convery-Pelletier. “Spreading apps across the cloud can increase network agility, improve scalability, and manage cost. However, most organizations only secure the individual cloud environments, and without looking at securing the network as a whole, they create gaps between the clouds.”
Executives reveal their most detrimental security threats: 38% of executives report daily or weekly attacks. Executives feared social engineering (38%), Ransomware (38%) and Malware (37%) as the most detrimental to their business, followed closely by IoT botnet powered DDoS attacks (35%), and Encrypted (35%) attacks.
Nation state attacks motivate security upgrades for American organizations. U.S. executives in particular were more likely than their peers in EMEA and APAC to say that attacks by nation-states have influenced security changes. More than half of U.S. executives pointed to nation-state threats as a motivator, while just 30% in the APAC region, and 41% in the EMEA region said so.
Companies react when peers are attacked. Approximately 61% of executives said that watching attacks on peer companies influenced their decision to change security policy. Almost as many, 59%, said attacks on their own organizations had prompted changes in their security posture.
The report provides a detailed analysis of the views and insights from more than 200 senior leaders at organizations across the globe. To read the full report on the survey’s findings, download it here.