IT, consulting and business process services firm Wipro has released its first-ever cybersecurity report, based on interviews with nearly 140 CISO teams across various industries, and the results are disheartening: 2016 saw a 53.6% rise in the number of records stolen year over year, and 56% of reported cybersecurity breaches saw user credentials and passwords among the data stolen.
Evaluating trends in current security practices in 11 countries across North America, Europe, APAC, Middle East and South Asia, the “State of Cybersecurity Report, 2017” found that employees remain the biggest point of weakness, with nearly 60% of companies ranking phishing as the No. 1 cybersecurity concern.
Additionally, the report found that 58% of respondents experienced some form of DDoS attack in 2016, just over 30% said they haven’t participated in cyberattack simulation exercises, only 20% test their apps for vulnerabilities during every stage of an app’s build, and fewer than 50% have some form of cybersecurity insurance policy coverage.
“Cybersecurity is becoming a top priority for businesses. It has become very critical to identify risks near real-time and empower stakeholders to take actions and decisions based on priority,” said Sheetal Mehta, VP and global head of cybersecurity and risk services for Wipro. “The report highlights crucial findings on attacks, vulnerabilities and cyber defense that are useful for teams across cybersecurity strategy, operations and risk management.”
Following a breach, 22.6% of the respondents said it took one to three months to fix critical app security vulnerabilities once they’d been reported, while 21.7% of the respondents said it took them just a month to do the same. “The delay in addressing these vulnerabilities might result in applications going out to production with the business owners accepting the residual risk,” the report reads. “The time to fix can only be reduced by inclusion of application security check points early on in the [process] and making the review and remediation process a part of the organization’s IT DNA.”
The study also found that a majority of the security products available were themselves vulnerable to exploitation, with CISOs forced to track vulnerabilities in the security products meant to protect their organizations.
“When we asked our respondents to rank the key security competencies that will help cybersecurity practitioners to innovate and reinvent themselves for the market, 32.8% indicated that knowledge and experience on machine learning technology is going to be a key skill,” the report reads. “Additionally, 25.4% of the respondents highlighted that security design and architecture skills will play the foremost role in stitching together cybersecurity management solutions across disparate environments, geographies and technology layers.”