Lastline Survey Finds More Than Half of Organizations Have Suffered a Cyberattack
Black Hat 2017 attendees describe how cybercrime continues unabated while enterprises remain ill prepared to defend against it
REDWOOD CITY, CA – August 23, 2017 – Lastline, Inc., the leader in advanced malware protection, today released results of a survey that underscores how cybercrime continues to plague organizations. The survey of 134 Black Hat USA 2017 attendees found that nearly 55 percent of respondents have suffered a cyberattack within their respective organizations, with 20 percent being hit with ransomware. While human error is a contributing factor behind these attacks, the survey also found scarce resources to help security teams respond, and a lack of best practices being implemented to prevent future attacks.
Results of the survey include:
- Human error continues to be a key cause of cyberattacks
Eighty-four percent of respondents whose company has suffered a cyberattack attribute it, at least in part, to human error, likely exacerbated by understaffed security teams and a flood of alerts and false positives. Forty-three percent say technology detected the attack but the security team took no action, while another 41 percent attribute the attack to a combination of technology and human error.
- Ransomware is on the rise, but not necessarily effective
One in five organizations has been victimized by ransomware. Of those hit, just eight percent actually paid the ransom while nearly two-thirds refused.
- Information resources to understand and mitigate attacks are scarce
Forty-two percent of respondents have no helpful source about the specific attack and are left to figure it out themselves. Fifty-two percent seek online information from security experts and vendors, and another 19 percent rely on peers.
- Organizations are playing roulette with infected computers
Only 28 percent of respondents follow best practices and erase and rebuild a computer’s software after a potential malware attack. Seventy percent either manually erase (46 percent) or rely on AV tools to identify and clean the malware (24 percent), often resulting in the malware staying in place on the infected machine to continue its attack.
- Cybercrime: risk versus reward
Despite the recent rise in ransomware, just one percent believes it is the most profitable crime with the lowest risk of getting caught. That distinction goes to cyber espionage (43 percent) followed by enterprise financial fraud/embezzlement (31 percent), and identity theft and online banking fraud (25 percent).
- The case for preemptive hacking
When questioned whether black hat hackers should be hired to test security systems, six out of ten respondents were open to the idea, suggesting a willingness to try every possible resource to ensure effective security. Only 43 percent responded with a definite “no.”
“The threat of a cyberattack is something that organizations have to deal with on a daily basis,” said Christopher Kruegel, CEO, Lastline. “This survey highlights the need to adopt best practices and equip security teams with better tools to eliminate false positives and provide crucial information to help them prioritize and address those events that present the highest potential risk.”
Lastline’s family of products is widely acknowledged as the industry’s most effective advanced malware detection and breach protection solution. NSS Labs’ 2016 Breach Detection Systems Test recognized Lastline as the only breach detection offering they have ever tested to achieve 100-percent detection effectiveness with zero false positives. And The Forrester Wave™: Automated Malware Analysis Q2 Report identifies Lastline as the strongest current offering on the market.
Enterprise security professionals use Lastline to defend their organizations against advanced malware-based attacks that result in damaging and costly data breaches. Our solutions deliver the visibility, context and integration security teams need to rapidly detect and respond to network breaches. Guided by a dynamic blueprint of the breach unfolding within their organization, our customers achieve exceptional enterprise security using fewer resources and at a low total cost of ownership. Lastline solutions are sold directly, through an extensive channel of global partners, and are integrated into the solutions of leading security technology vendors worldwide. Lastline is privately held with headquarters in Silicon Valley. www.lastline.com
Latest posts by Lastline (see all)
- Nearly Half of Security Pros Reuse Passwords - July 17, 2018
- Many infosec professionals reuse passwords across multiple accounts - July 17, 2018
- Russia foiled 25mn cyber attacks during World Cup, says Putin - July 16, 2018