3 Reasons Why Organisations are Unprepared for Cyber-Security Incidents

Research from NTT Com Security’s 2016 Global Threat Intelligence Report suggests that over the last three years, over ¾ of organisations were unprepared for cyber-security incidents.  In 2015 NTT analysed 3.5 trillion (yes, trillion) logs, and over 6.2 billion attacks.  It’s worth a read for any network security professional, but the stand-out conclusion seems to be the same thing we hear all the time, businesses are not setting themselves up properly to avoid a major cyber incident.

So we tasked our analysts with finding out why Businesses don’t have the necessary expertise or equipment to deal with these threats, and they came back with 3 things you may not have considered:

They think they’re protected enough already

Many security companies tell customers that they are protected from any network threats with their product(s) and in the past this may have been reasonable.  The reality is that with the latest threats originating from both inside and outside the network this does not hold true. Security needs to be applied in layers, including staff training, technology and buy in from all levels of the business. Budget needs to be put aside and assigned to mitigate these vulnerabilities.

They can’t see the issue until it’s too late

Many organisations just don’t have the visibility of what users and software are doing on their network.  Whilst this is sometimes not necessary, as a network changes new vulnerabilities open up and these organisations may have a security hole that they are just not aware of.  This can make it difficult to build a business case for investment without the evidence to show how many ‘near misses’ there may have been.

They don’t look for long-term solutions

In many cases it seems that finding the malware is the end game.  While many product can assist with catching malware ‘in the act,’ it is often better to find the vulnerability or misconfiguration that allowed the malware or malicious user to get a foot hold and prevent it from happening in the first place.  An example would be bailing water out of a sinking ship rather than just plugging the hole that the water is coming in from.  Yes they’re technically solving the problem, but there’s a simpler and longer term solution for them.


Of course there’s countless other reasons why this might be the case, but it’s worth considering if you, or anyone you know fall into any of the above categories.