Nearly two-thirds (64%) of UK IT decision-makers expect their organisation to be the target of a cyber attack within the next 12 months, a study has revealed.
While 32% of those surveyed confirmed their business was hit by a cyber attack during the past year, many were uncertain about their ability to detect one.
Almost half of those surveyed (49%) said they did not even know if they had been compromised. Highlighting the problem of blind spots on enterprise endpoints, 61% of respondents rated their ability to detect suspicious behaviour in advance of an attack as no better than average.
In organisations that use point-of-sale (POS) systems to process credit card payments, 70% admitted they had no way of knowing if their systems had been targeted.
And only 20% were able to say with confidence that their POS systems had not been targeted by cyber attack. Among POS users, only half (52%) were confident or very confident that their current security solution would be able to stop advanced threats or targeted attacks against their systems.
“Visibility is critical for effective security, yet these results show that far too many organisations don’t know what’s happening on their endpoints”, said Ben Johnson, chief evangelist for Bit9 and Carbon Black.
“You can’t stop advanced threats and targeted attacks if you can’t see what’s happening. Prevention, detection and response are built on the ability to see all activity on every endpoint and server”.
The survey, conducted by Vanson Bourne on behalf of Bit9 and Carbon Black, covered 250 UK IT decision-makers working in organisations of at least 250 employees across an array of industries.
End-user machines, like laptops and desktops, were cited as being most vulnerable to cyber attack (41%), demonstrating the need for organisations to ensure they can continuously monitor and record activity across all endpoints.
Almost three-quarters (74%) of respondents still had systems running on Windows XP, even though the OS has now reached end of life. And only 29% of that group had plans to put a new OS in place.
When asked about the impact of an attack on their organisation, respondents worried most about system downtime (77%), data compromise (68%) and damage to their corporate brand (52%). Half admitted that a cyber attack would impact them financially.
Looking at the source of possible cyber attacks, 61% of respondents cited disgruntled employees as being one of the top three most likely attackers — exceeded only by Anonymous or other hacktivists (86%) and cyber criminals (77%).
These figures reflect the need to actively enforce security policies for internal staff and systems in addition to securing systems — and the important data on them — against outsider attacks.