1 in 6 Say Their Organization Had At Least 5 Significant Security Incidents in Past Year: Survey

A new report from ForeScout Technologies described a challenging world for IT security – one where one in six IT pros say their organization has had five or more significant security incidents in the past year.

The research, titled the ‘2014 Cyber Defense Maturity Report’, was conducted by IDG Connect and features responses from 1,600 IT information security decision makers in organizations with more than 500 employees across five industries in the U.S. and Europe. 

“The findings provide a useful snapshot of the state of exposures, controls and investment across global regions and industries,” said Scott Gordon, chief marketing officer at ForeScout, in a statement.

Ninety-six percent of the 1,600 respondents said their organizations had at least one significant security event in the last 12 months, while 39 percent said there had been two or more. Though the majority of those surveyed said they were aware that some of their security measures were immature or ineffective, just 33 percent had high confidence their organizations would improve those controls.

“The top five sources of compromise recorded by survey respondents were phishing attacks, compliance policy violations, unsanctioned device use, unsanctioned application use and [unauthorized] data access, with as much as 25 percent of organizations across all vertical sectors experiencing five or more instances of phishing specifically in the past 12 months,” according to the report (PDF).

“Aggregated across all three regions [the US, UK and the DACH region comprised of Germany, Austria and Switzerland], the finance sector recorded marginally higher numbers of phishing attacks, compliance policy violations, instances of unsanctioned application use and data leakage than the other industries, with manufacturing seeing more breaches caused by unauthorized data access, unknown devices and zero day malware,” the report notes. “The healthcare industry appears least affected by both phishing and targeted attacks but slightly more open to unsanctioned device use and data leakage issues.”

According to the report, malware and advanced persistent threat (APT) attacks were rated as a top priority across all industries and regions, yet there appears to be a lower likelihood of investing further resources to reduce perimeter threats. Forty percent said that security management tasks are more challenging now than two years ago, specifically with regard to diagnosing, preventing, identifying and remediating issues.

Those in the education and manufacturing sectors were least confident (73% and 71% either not or somewhat confident) that security measures relating to personal mobile device usage would be improved by their organizations.

“A large majority of organizations believe that the Bring Your Own Device (BYOD) trend which sees employees expecting to use their own smartphones, tablets and other devices to access company networks and systems has an impact on their existing governance, risk and compliance (GRC) controls,” according to the report. “An average of 78% of all respondents cited that any one of the 14 popular BYOD controls referenced would have an impact on GRC. The need to implement malware prevention (82%), lost or stolen device data wipe mechanisms (82%), appropriate user/device enrolment tools (81%), device usage controls (79%) and data encryption (79%) on those devices are perceived to have the most significant GRC implications.”

The report can be downloaded here.
