2018 Cybersecurity Report
Guide

2018 Top Cybersecurity Risks and Mitigation Strategies

Protecting your organization from cyberthreats has never been more important.

In March 2018, HelpSystems surveyed more than 650 IT and cybersecurity professionals around the world to uncover their top concerns, threats, and protective strategies. The findings revealed:

  • A surprising 28% of respondents say compliance doesn’t apply to them—even as compliance regulations are on the rise.
  • Ransomware and phishing are the top two concerns for IT and security teams—and now is the time to take preventative action.
  • 65% of companies struggle to balance strong security with business efficiency—but even small companies can achieve this with the right training and tools.

Keep reading to find out what your peers are doing to mitigate threats and manage cybersecurity at their organizations. 

KEY FINDINGS

 

Most Concerning Cybersecurity Exploitations

Overall, those surveyed reported ransomware and phishing as this year’s top ranked cyberthreats. This response is not surprising; both methods of cyberattack are seen across industries as major risks for cybersecurity in 2018.

Which of the following cybersecurity exploitations do you perceive as most concerning in 2018? Please rank in order, starting with the most concerning.

Most Concerning Cybersecurity Exploitations

TAKEAWAYS-1

TAKEAWAYS

If you aren’t protected against ransomware and phishing attacks, now is the time to take some preventative measures. For IT teams worried about ransomware, we suggest implementing anti-virus software. Those concerned about weak or stolen credentials should consider identity and access management solutions like multi-factor authentication and privileged access management for controlling their security domains and user privileges.

Get a Free 30-Day Trial of Powertech Antivirus

Find out if malicious programs are lurking on your systems with your free trial of Powertech Antivirus.

Top Cybersecurity Strategies

 

Top Cybersecurity Strategies

We asked survey respondents which cybersecurity strategies they would like to see implemented in their organization this year. Thirty-three percent chose Multi-Factor Authentication (MFA) as their top strategy, followed by building strong network security and implementing cybersecurity education and training for users. Runner-up strategies include identity and access management, security policy enforcement, and encryption.

Which cybersecurity strategies would you most like to see implemented in your organization over the next 12 months? Please select up to three.

Top Cybersecurity Strategies

TAKEAWAYS-2

TAKEAWAYS

IT and cybersecurity teams are looking for ways to mitigate the threat of stolen credentials. With MFA and identity and access management high on the list of desired strategies, organizations should implement solutions that provide a wide variety of administrative methods with centralized, flexible use.

It’s also likely that MFA took the top spot for this question because it aligns with several compliance regulations, like PCI DSS and the GDPR, that have requirements for strong authentication this year.

Automate and Encrypt Data Transfers

Share data with systems, employees, customers, and trading partners easily and securely with GoAnywhere MFT. Get started with a free 30-day trial.

Most Challenging Cybersecurity Strategies

 

Most Challenging Cybersecurity Strategies

Which strategies are teams finding most challenging to implement? Over 65% have difficulty balancing cybersecurity controls with business efficiency, and 46% reported struggling with insufficient cybersecurity skills and staffing. Many respondents also listed constantly changing threats and evolving technology as challenges for their teams.

When it comes to securing your organization against threats, what is most challenging for you? Please check all that apply.

Most Challenging Cybersecurity Strategies

TAKEAWAYS-3

TAKEAWAYS

Finding a good balance between cybersecurity controls and business efficiency is difficult. We’re seeing this response consistently across industry reports and offer a variety of solutions to help organizations overcome challenges without reducing overall productivity. Explore our cybersecurity suite to meet needs for automation, security controls, encryption, and secure file transfer.

For organizations that have insufficient cybersecurity skills and staffing, our managed security services can help you do more with the staff and infrastructure you have. HelpSystems works with you to co-source your cybersecurity requirements. We’ll architect and implement your solutions as well as provide you expertise for all your security needs, eliminating the need to split skills and staffing between multiple vendors.

Compliance Trends

TAKEAWAY-4

TAKEAWAYS

While a surprising 28% selected “not applicable” for this question, 76% of those respondents work for an organization with fewer than 999 employees, whereas only 24% who responded “not applicable” work for an organization with over 1,000. It’s likely that smaller organizations haven’t realized a need for compliance because they’re audited less frequently.

We’re seeing an upward trend in compliance requirements for organizations of all sizes. Industries and governments are starting to implement their own requirements (i.e. the General Data Protection Regulation), so IT and cybersecurity teams should be prepared to comply with new regulations and requirements in the future.

GDPR Progress

 

GDPR Progress

Respondents who adhere to the GDPR were asked where they are in their compliance journey. The majority expressed belief that they are relatively well-prepared for compliance, with only 17% saying they haven’t started. However, new and less-familiar regulations often expose non-compliance. 

Where is your organization at with GDPR compliance?

GDPR Compliance

TAKEAWAY-5

TAKEAWAYS

For those who need guidance, we offer a free, 30-minute GDPR readiness consultation with our local experts.

Assess Your GDPR Readiness

Are you prepared for GDPR? Find out with our quick GDPR Readiness Assessment. Just a few simple questions will show you if you're on track toward GDPR compliance and identify areas that might need more attention.

Managed Cybersecurity Services

 

Managed Cybersecurity Services

We asked respondents if their organization leverages outsourced cybersecurity experts to help manage their security, and the answers nearly split down the middle. While 36% said they use cybersecurity services on an as-needed basis, 31% said they maintain their cybersecurity internally, and only 12% leverage consultants full-time.

Do you leverage outsourced cybersecurity experts to help manage your security for you?

Managed Cybersecurity Services

TAKEAWAY-6

TAKEAWAYS

Nearly 21% of those surveyed do not use services but are open to leveraging them in the future. Co-sourcing managed security services or cybersecurity consultation services on an as-needed basis is a flexible, affordable way to fill areas that an organization doesn’t have the expertise, time, or staff to tackle. These areas could include getting annual risk assessments and penetration testing or balancing cybersecurity controls with business efficiency (a challenge for 65% of survey respondents).

Explore HelpSystems Managed Security Services

Find out how the security experts at HelpSystems can help you identify configuration errors before problems occur.

Perception of Cybersecurity in Organizations

 

Perception of Cybersecurity in Organizations

Of those surveyed, most feel their management considers cybersecurity to be “very important” or “moderately important.” Only a combined 9% of respondents said cybersecurity was “slightly important” or “not important” in their organization.

Please select the level of importance management gives cybersecurity in your organization.

Perception of Cybersecurity in Organizations

TAKEAWAY-7

TAKEAWAYS

Most IT and cybersecurity teams understand the importance of maintaining strong cybersecurity practices in their organization. However, it’s often not realistic for them to complete all their security projects and goals at once. Cybersecurity is an ongoing effort, requiring organizations to prioritize their resources in order to create security policies and procedures that last.

If your organization can’t make cybersecurity a top priority today, you can still plan out your goals. Work with a trusted advisor or vendor to determine which cybersecurity areas to focus on. Our team of experts, for example, will partner with you to create a well-developed strategy that leads your organization to an optimal state of security.

Dedicated Cybersecurity Teams

 

Dedicated Cybersecurity Teams

While most survey respondents reported having a cybersecurity team, a combined 46% said they don’t have one. Only 13% of those who said “no” are currently working on forming a team.

Do you have a team dedicated exclusively to cybersecurity?

Dedicated Cybersecurity Teams

TAKEAWAY-8

TAKEAWAYS

The majority of respondents who said “no” work for small organizations (under 999 employees). Because these organizations often lack the resources they need to create a dedicated cybersecurity team, they’re less able to prevent attempted data breaches. Over 60% of breaches happen to organizations with fewer than 1,000 employees. Hackers look for easy targets that offer a path of least resistance, and an uptick in attacks that aren’t easily caught without a team, like ransomware and phishing, has made small organizations prime targets for compromise.

Public Cloud Utilization and Cloud Vendors

 

Public Cloud Utilization and Cloud Vendors

Most respondents reported having 1-25% of their core computing infrastructure in a third-party cloud, typically Microsoft Azure, Amazon Web Services, or Google. While few are close to being fully operational in a public cloud environment, the hybrid model is rapidly gaining in popularity.

One-third of those surveyed aren’t in the cloud. But as cloud technology develops, we expect to see more organizations move to a hybrid environment in the coming months and years.

What percentage of your core computing infrastructure is operating in a third-party cloud?

Public Cloud Utilization and Cloud Vendors

Which cloud vendors do you use today? Please check all that apply.

Which cloud vendors do you use today? Please check all that apply.

Public Cloud Utilization and Cloud Vendors

TAKEAWAY-9

TAKEAWAYS

According to industry sources, “There were 424 percent more records compromised as a result of [misconfigured cloud storage servers, databases, network, and backup gear] in 2017 than the previous year.” A large contributor is due to “a growing awareness among the cybercriminal community of the existence of misconfigured cloud servers.”

Organizations that utilize a public cloud platform need to follow cybersecurity practices just as strictly as if their data was on-premises or in a private cloud. We’ve seen some misconception that vendors are responsible for cybersecurity in a public cloud space, but ultimately, the responsibility for security falls on organizations. Furthermore, as cloud adoption becomes more favorable across industries, organizations should appoint a dedicated team to the cloud to make sure security policies are correctly enforced. We suggest implementing tools and solutions that will protect your infrastructure and extend between on-premises and the cloud.

DEMOGRAPHICS

 

Industry & Job Title

Over 650 professionals in a variety of roles and industries completed the survey.

What is your industry? What is your job title?

Industry & Job TitleHow many employees are in your organization?

Number of employees

Cybersecurity is a Global Pursuit

 

Cybersecurity is a Global Pursuit

Where are you located?

How Secure Is Your System?
Is your organization safe from today's top threats? Find out with a free, no-obligation Security Scan for Linux, AIX, and IBM i.

Related Solutions