Ponemon Study: Only 1 in 3 Organizations Are Confident They Can Avoid Data Breaches

Is your company one of those who are not prepared to protect their data and avoid data breaches? 

Minimize the risk of a data breach and protect your business reputation with a solution like SkyFlok.

At SkyFlok, we allow users to use multiple cloud storage providers together to efficiently and securely store files. We distribute the data across multiple locations and providers, which means that an attacker needs to compromise multiple Cloud providers before having any chance to look at the files. Your clients’ data is safe and you keep full control over it.

Subscribe to SkyFlok and protect your sensitive or confidential client data from unauthorized disclosure.

Balbix Inc., provider of the security industry’s first system built for avoiding breaches, today released a report based on Ponemon Institute research evaluating the state of vulnerability and risk management in enterprise environments. Ponemon surveyed 600+ cybersecurity leaders and professionals involved in the evaluation, selection and/or implementation of IT security solutions. The results reveal that the vast majority of organizations are not confident in their ability to avoid major data breaches like Equifax or Marriott, and are specifically struggling with vulnerability management to avoid breaches through unseen or unpatched systems.

“From this research, it is clear that most enterprises recognize not only are they under-resourced in finding and managing their vulnerabilities, but they also have gaps around assessing the risk and getting full visibility across their IT assets,” said Larry Ponemon, founder and chairman of Ponemon Institute, “which no doubt led to that low confidence vote in their ability to avoid a data breach.”

According to the findings, too many organizations are struggling to maintain adequate cybersecurity posture and avoid breaches. A key challenge noted is an inability to keep up with basic software vulnerability mitigation and patching – a fundamental but key component of security posture. Key data points include:

  • 68% feel that staffing is not adequate for a strong cybersecurity posture
  • Only 15% say their patching efforts are highly effective

The low levels of confidence found in the research are in large part because security teams cannot properly resource the management of vulnerabilities – both identifying and patching. This situation has become acute in vulnerability management because of the sheer volume of alerts for unpatched systems:

  • 67% feel they do not have the time and resources to mitigate all vulnerabilities in order to avoid a data breach
  • 69% scan just 1x/month or even less frequently
  • 49% scan only quarterly or on ad hoc basis
  • 49% said their organization does complete up-to-date patching

When asked how they would like the industry to improve and innovate in vulnerability and risk management, respondents – especially those rated as “high performing organizations” – consistently cited requests for these additional capabilities not found in traditional solutions:

  • Automatically discover unmanaged assets (70%)
  • Analyze vulnerabilities in IoT, BYOD and third-party systems (64%)
  • Analyze both unpatched systems and other attack vectors (60%)
  • Receive a risk-based and prioritized list of actions (56%)
  • Receive prescriptive fixes per recommended action (52%)

“We are not surprised by these findings from Ponemon Institute’s research,” said Gaurav Banga, founder and CEO of Balbix. “While respondents’ confidence levels in their ability to avoid a breach is obviously troubling, it is clear that most understand the reasons why — alert volume, limited team resources, lack of visibility across assets, and very limited contextual risk. On the positive side, respondents cite a clear list of capabilities that can help them better see and manage their vulnerabilities, which will eventually improve their overall security posture.”

  • 63% say “inability to act on the large number of resulting alerts and actions” is problematic

The result of this mismatch between alert volumes and limited resourcing is postponed patching, no prioritization of actions and a resulting weaker cybersecurity posture:
