Sixty-one percent of IT security professionals report experiencing a data breach at their current employer, according to an April 29 report from McAfee.
When it comes to data breaches, McAfee found that “confidential data is being stolen by a wide range of vectors, both electronic and physical.” More specifically, the top vectors impacted by attacks are cloud applications, database leaks, and removable USB drives.
Interestingly, while cloud apps and infrastructure are widely deployed in organizations across every sector, the cloud does not appear to “result in any more data theft than traditional networks and data centers.” The report explained that “almost half of the organizations surveyed (46 percent) use a hybrid cloud/on-premises data storage approach, 29 percent are cloud only, and 25 percent keep their data on premises. Around two-thirds (63 percent) of the breaches experienced by the respondents occurred on traditional networks, and one-third were on cloud infrastructure.”
In the report, McAfee stressed that even with “the substantial increase in cloud usage over the past three years, this ratio has remained the same, pointing to the potentially effective security available for or from cloud providers.” However, despite the ratio holding steady, the report noted that IT security professionals remain concerned about securing the cloud.
In terms of bolstering cybersecurity, companies are taking a few paths. Roughly half of organizations are investing in new security technologies, 30 percent of survey respondents are focusing on enhancing their workforce’s skill levels, and 22 percent are making changes to their business processes.
The report also highlighted a few positives, mainly that the majority (61 percent) of data breaches are now detected by the organization’s internal security team. This is a significant increase from 47 percent in 2016. The report credits this increase to internal security teams expanding their security activities “from primarily prevention to encompass rapid detection and remediation.”
When it comes to who should experience the consequences of a breach, the report explained there is “a strong sense of personal responsibility within IT, which many respondents think should extend to the executive levels. A majority believe that C-level executives should lose their jobs after a serious breach.”