Nearly 4 in 5 companies (79%) were hit by a cyber breach in the past year and 68% expect further breaches this year, according to a survey commissioned by security firm Balabit.
The poll of 400 IT and security professionals in the UK, France, Germany and the US also reveals that the majority of businesses know very little about the nature of the security breaches that take place in their organisations.
Despite the high proportion of companies that are experiencing breaches, only 48% of respondents said they would be fully confident knowing a breach had even happened, which means that more could have taken place without their knowledge.
Only 42% feel very confident about what data was accessed, and a mere 39% were fully confident that they could identify the source of a breach.
With half of all security breaches being employee-related, 69% of senior IT professionals agree that insider data breach is the biggest threat many are facing in terms of network security.
This is leading to internal tension in businesses around the development of cohesive security strategies, the report said.
Although the survey shows 80% of respondents agreed that educating employees is key to securing the network, the survey report notes that businesses should aim for a balance between technology and employee education to tackle the insider threat, whether it is malicious or accidental.
“Attacks are becoming more sophisticated and every organisation is at risk,” said Csaba Krasznay, security evangelist at Balabit.
“Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”
Krasznay said it is “alarming” that the majority of businesses know very little about the nature of the security breaches that are happening to them.
“Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” he said.
While 83% of businesses agree that technology is effective in preventing breaches, 73% think technology struggles to keep up with security threats. It is therefore unsurprising that there is still no cohesive response to the ongoing threat of cyber crime, the report said.
According to Krasznay, the research demonstrates that when the threat is unpredictable and exists already inside a business, it is essential to create comprehensive security strategies.
“This should incorporate a balance of both employee education and appropriate security technology. This way, organisations can ensure that they know their environments and are prepared to tackle ever-evolving security threats,” he said.