Senior-level security executives expect cybersecurity threats to grow in 2018, but most say they’re ill-equipped to stop the types of cyber attacks that wreaked havoc worldwide in 2017, a new report shows.
Global IT service management firm Solarwinds MSP released the 2017 Cyberattack Storm Aftermath report, for which Ponemon Institute surveyed 202 senior-level security leaders in the U.S. and the U.K.
The survey focused on the Vault 7 cyber breach of the CIA by WikiLeaks (March 2017) as well as the worldwide WannaCry (May 2017) and Petya (June 2017) ransomware attacks.
It found cyber experts knew more about ransomware attacks like WannaCry and Petya than Vault 7-style attacks like Weeping Angel and Dark Matter — and saw the ransomware strains as as a greater threat.
But that perception of risk did not match the attacks they actually experienced.
Weeping Angel and AfterMidnight — both Vault 7 attacks — ranked first and second on the list of cyber-exploits experienced by most organizations, at 34 percent and 31 percent respectively.
Just 9 percent of respondents said their organization was capable of preventing Dark Matter or AfterMidnight, and 38 percent said their organization could prevent a Weeping Angel attack.
Only a quarter of all organizations had a full complement of cybersecurity specialists with the expertise to deal with attacks. Another 17 percent used outside resources like managed security services providers, 24 percent used both internal and external experts, and 33 percent had no specialists at all.
In addition, less than half the cybersecurity leaders surveyed believed their organizations had the technology and budget to prevent detect and contain cyber threats.