In the hyper-connected mobile, social, cloud world, cyber security has become a central concern for consumers thanks to recent headlines calling out breaches at major retailers and businesses. And according to a new report from AT&T, every company with valuable intellectual property is at risk for a breach.
With the cost of cyber attacks to the world economy at $445 billion, according to the Cybersecurity Insights Report, one would expect every company to be either evaluating or re-evaluating their cyber security preparedness. But AT&T says that is not the case. In fact, 51% of companies are not re-evaluating information security after high-visibility breaches. And yes, I said "after."
The New IP has been reporting on cyber security since we launched a year ago and we've featured a number of high-profile security experts talking on this same topic, yet it seems that not much has changed since last October.
Scary stats from the report include:
AT&T saw a 62% increase in the number of times DDoS attacks occurred over the past two years.
AT&T has seen a dramatic 458% increase in the number of times hackers searched for IoT vulnerabilities.
Roughly 78% of all employees do not follow the security policies set out by their employer.
Learn more about network security strategies at our upcoming Carrier Network Security Strategies Event in New York on December 2.
So why aren't businesses re-evaluating their cyber security plans? AT&T says one of the big problems is that cyber security is not being addressed at the top. More specifically, 75% of corporate boards are not actively involved in cyber security oversight.
This has to change, especially with the rise in connected devices including cars, smartphones, watches and more -- and that change needs to come from the top. Writes AT&T's John Donovan, senior executive vice president, at the beginning of the report: "Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges."
AT&T outlines a list of steps companies can and should take to protect their businesses:
Perform a data inventory analysis
Share internal and external security intelligence
Authenticate and authorize users
Analyze data traffic
Verify data encryption
Prepare for multiple attack types
Decide who is responsible for data security
Look at your assets from the outside
Figure out where you need help
Next week, The New IP will be reporting from AT&T's annual Cyber Security Conference to get the latest from the service provider's executives, technical and research specialists and industry experts so stay tuned for more information and insight.
In addition, be sure to let us know why you think enterprises aren't doing a better job of protecting their networks by voting in our new poll, The Breach Blame Game.
— Elizabeth Miller Coyne, Editor, The New IP