As Cyberattacks Intensify, Orgs Don’t Report Incidents

It comes as no surprise that most IT security leaders believe that cyberattacks will intensify in the next year. What is surprising (and troubling) is that many keep attacks to themselves while others don’t invest in the cybersecurity tools needed to protect their organizations in the first place.

That’s according to Keeper Security’s second annual Cybersecurity Census, which found nearly one-third of those surveyed don’t have a management platform for IT secrets like API keys, database passwords and privileged credentials. And while 84% of respondents were concerned about the dangers of hard-coded credentials in source code, 25% simply didn’t have software to remove them, the report found.

What’s more, about one-quarter (26%) lacked a remote connection management solution to secure remote access to IT infrastructure—a significant security gap, Keeper Security said, considering the uptick in hybrid and remote work.

The second annual Cybersecurity Census underscores what troubles most security experts. “Keeper Security’s latest report verified that businesses often choose ease-of-use and speed to develop faster rather than basic security practices,” said Ben Pick, principal security consultant at nVisium.

“The report found that one in three respondents did not have adequate secrets management tools in place. This would lead to using hardcoded keys within the source code and other weak password policies,” said Pick. “Source code or misconfigured services would then become vectors to compromising entire systems.”

Jason Hicks, field CISO and executive advisor, was surprised that 26% of respondents said they don’t have a remote access system. “VPNs have been the go-to for this for many years now and the cost is manageable for any size organization, depending on how you decide to deliver it.”

Newer remote access technologies, too, are available, “but may not be as approachable for smaller firms based on cost,” he said.

The shortcomings revealed by the report can leave organizations vulnerable to attack at a time when the cybersecurity landscape is becoming more treacherous, as the responses indicated. “Nearly one-third (31%) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information,” the report noted.

The damage incurred varied, with 18% of organizations experiencing monetary theft—the average amounted to more than $75,000, though 37% lost $100,000 or more. Nearly one-quarter (23%) weren’t able to carry out business operations as a result of an attack or incident.

Some of the damage was less direct and harder to measure—28% of respondents reported reputational damage after a cyberattack and 19% said they lost business or a contract.

“The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties,” said Darren Guccione, CEO and co-founder of Keeper Security. “Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity is both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical.”

Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a master’s degree in journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.
