A fresh piece of research has thrown some light on the security concerns of businesses, and the fact that the vast majority of firms are expecting to be hit by a data breach within the next year.
The attendee survey for the 2016 Black Hat USA conference found that 72% of those questioned said they felt it was likely that their business would be hit by a major data breach in the next 12 months. And 15% went further to say they had 'no doubt' they would be struck by a major data breach – causing major problems, naturally – in that timeframe.
The research, which encompassed some 250 IT security pros (and was spotted by ZDNet), also found that those surveyed feared phishing and social engineering attacks the most, for good reason – and 28% said staff members who flaunt company security policy are the weakest link in their security chain.
The solution to that, generally speaking, is to push even more effort into educating staff on best security practice. But sometimes even that won't be enough to overcome the idle curiosity that could prompt an employee to click a dodgy link in an unguarded, thoughtless moment.
You can't get the staff these days…
The other thorny issue that this research uncovered was that many businesses feel they simply don't have enough qualified security staff to help keep things watertight. In fact, 74% admitted that they don't have enough staff to deal with the threats and problems that they expect to crop up within the next year.
Which might well be a contributory reason to the aforementioned expectation of being hit by a data breach.
For firms in the UK, exposing customers to a breach could well have more severe consequences soon, as a few months ago, a cybersecurity report from MPs made a number of recommendations including a series of escalating fines for companies who spill customer details.
So maybe organisations should be thinking seriously about finding the money to hire the necessary security staff, which might save them from having to find the money to pay a hefty fine – not even considering the reputational damage to the business which such an incident causes.
