Almost a third (30%) of all IT and security professionals whose firms suffered a data breach did not publicly disclose the event, but rather decided to sweep it under the rug.
This is according to a new report from Bitdefender based on a survey of more than 400 relevant experts working in companies with 1,000+ employees, which added that an even higher percentage (42%) were told by the higher echelons to keep the incidents to themselves.
Reporting a data breach is not just morally right – it’s also a legal obligation in most parts of the world. Data watchdogs and law enforcement agencies demand businesses disclose these things in order to minimize the potential damage to their customers who might be targeted with phishing or have their identities abused for nefarious purposes.
Demanding threat landscape
But disclosing a data breach also means fines, loss of business, a tarnished reputation, and many other unwanted consequences.
Bitdefender’s research found that business leaders pressure their staff to hide cyberattacks because the threat landscape is getting more demanding. More than half (52%) of organizations experienced a data breach in the past 12 months.
In most cases, IT leaders are worried about software flaws and zero days (54%), phishing and social engineering (52%), supply chain attacks (49%), ransomware (48%), and insider threats (36%).
“Worldwide, organizations [are] under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with [the] complexities of extending security coverage across environments and an ongoing skills shortage,” said Andrei Florescu, deputy general manager and senior vice president of products at Bitdefender business solutions group.
It’s almost impossible to guarantee cyber-safety in today’s harsh environment, the researchers conclude, but there are things businesses can do to minimize the chances of a breach, such as investing in state-of-the-art detection and response solutions. Investing in firewalls, opting for zero-trust network access (ZTNA), setting up multi-factor authentication (MFA) solutions, and more, can help lift the pressure.
“The results of this survey demonstrate, more than ever, the importance of layered security that delivers advanced threat prevention, detection and response across the entire business while improving efficiencies that allow security teams to do more with less,” Florescu concluded.
Via: VentureBeat