June 29, 2021
A survey by IronNet’s Cybersecurity Impact Report 2021, based on interviews with 473 IT decision-makers from the U.S., U.K. and Singapore, found that 90% of respondents said their security had improved in the last two years, but 86% suffered attacks large enough to require a meeting of corporate C-level executives or boards.
The survey also found that 70% of the companies surveyed felt the effects of the SolarWinds attack:
- Significant impact: 31%
- Slight impact: 39%
- Small impact: 15%
- No impact: 15%
The study asked about the financial impact of the attack and found that the average impact was 11% of annual revenue or about $12 million per company.
Businesses in the U.S. reported an average impact of 14% on annual revenue, with averages in the U.K. and Singapore of 8.6% and 9.1%, respectively.
The survey also revealed that 67% of companies have begun to share information with their technology counterparts, and 50% have begun to share more information with government officials.
Companies in Singapore were 57% more likely to share information with governments, followed by U.S. firms at 53% and U.K. firms at 43%. Barriers to this exchange include:
- Concerns about privacy and liability
- The lack of an automated or standardized mechanism for sharing information with peers
- Shared information may not be timely or relevant when companies receive it
In addition, the attack also forced companies to rethink supply chain security: 42% of companies have already modified it, according to the survey.
A recent White House memo recommends companies take these steps to reduce the risk of cybercrime, namely ransomware:
- Implement key best practices such as multifactor authentication, endpoint detection and response, data encryption to render stolen data unusable, and a qualified security team that can quickly fix vulnerabilities and share threat information.
- Back up your data and keep it offline.
- Immediately deploy critical patches and consider a centralized patch management system complemented by a risk-based assessment strategy.
- Implementation and testing of an emergency plan.
- Put business functions and production or production processes on separate network segments and restrict Internet access to company networks.
For more information, read the original story in TechRepublic.
