Most organizations continue to believe that they do not need to pursue assiduous data loss prevention, regarding cyberattacks as either unlikely to occur or financially insignificant even if successful. The rising prevalence of cybercriminal tactics like advanced persistent threats has contributed to this complacency. These gambits tend to evade traditional endpoint security software, and while they lack the profile of denial-of-service attacks, they are potentially just as damaging.
According to a survey analyzed by Infosecurity, over 67 percent of companies insist that they have not been the victims of a cyberattack in the last year and a half, or admit that they had little visibility into whether one had actually compromised their networks. The survey’s coordinators expressed skepticism about these results and pointed to the wide array of vulnerable mobile and desktop endpoints now commonplace in businesses.
“Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter,” said survey coordinator and security expert Tom Cross. “I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes.”
Sixteen percent stated that they had experienced a DDoS attack over the same period, and 18 percent reported that they had encountered malware. Still, most regarded the consequences as slight and not worthy of new endpoint security and control strategies. Thirty-eight percent stated that they had not been impacted by identified security breaches, and only 20 percent admitted to financial loss.
Reputational loss was more widespread, however, affecting one-quarter of respondents. Underscoring the potential consequences of a cyberattack on both reputation and finances, a recent incident at The University of Delaware resulted in the exposure of sensitive data of 74,000 individuals, according to WDEL contributor Amy Cherry. Attackers targeted the school’s website and scraped information about Social Security Numbers and university identifications, forcing it to provide free credit monitoring to affected parties.