Businesses at Risk From Data Breaches, Cyber-Attacks: Survey
Most businesses focus their threat prevention on the data center, though security resources remain limited overall.A high percentage of businesses are unprepared for security threats and are using inefficient threat prevention tools such as vulnerability scanning, according to a survey released by security risk management solutions specialist SkyBox. The survey found that although 92 percent of companies have a vulnerability management program in place, nearly half consider their networks to range from somewhat to extremely vulnerable to security threats, and in the past six month, nearly half (49 percent) of companies surveyed have experienced a cyber-attack that lead to a service outage, unauthorized access to information, data breach or damage. Forty percent of companies scan their internal networks once per month or less frequently, and even the critical demilitarized zone (DMZ), a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, are typically scanned once per week or less often. Internal networks and data centers received top priority in terms of scanning frequency, with 35 percent of organizations scanning these zones on a daily basis, although 49 percent of respondents said their organizations did not conduct vulnerability scanning as often or as in depth as they would like.
Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for spot checks that arent effective at minimizing risks, Gidi Cohen, CEO at Skybox Security, said in a prepared statement. Critical vulnerabilities have to be identified, prioritized and remediated daily, across a significant portion of the infrastructure, in order to systematically shrink the risk window and prevent data breaches and attacks."