U.S. businesses are at high risk for data security threats from increasingly effective phishing attempts and the lack of procedures to restrict data access, according to GetApp’s 4th Annual Data Security Report. Newer companies are especially vulnerable to security threats.
This survey of IT security managers and employees reveals seven significant trends related to data security threats facing U.S. businesses:
1. Phishing emails are on the rise, and so are the employees clicking the links
This year, 89% of companies surveyed report receiving a phishing email, a jump from 77% who said the same in 2021. What’s more concerning is the percentage of employees who click on phishing links, which has increased by 88% over the previous three years.
2. To fight back, businesses are implementing more phishing tests
Fortunately, businesses are countering the growing number of phishing attempts by running phishing tests among their workforce. Phishing tests have more than doubled since 2019 (30% vs. 70%).
3. Two-factor authentication is finally ubiquitous—just as attackers find new ways to defeat it
A majority (92%) of businesses in 2022 report using two-factor authentication (2FA) for at least some business applications. However, cybercriminals have found new ways to defeat 2FA. An area of weakness is MFA fatigue—threat actors repeatedly send victims authentication requests until they give in and grant access.
4. Businesses often give employees more access to data than necessary
Today’s most destructive cyberattacks rely on unrestricted data access privileges to infect and spread throughout business networks. Unfortunately, 68% of businesses allow employees more access to data than they need. And one in three businesses permits employees to access all company data.
5. Newer companies are more vulnerable to attacks
Mature companies tend to have well-developed policies and processes to thwart attacks. Companies with two or fewer years in business are nearly three times as likely to report a ransomware attack as those with ten or more years in business.
6. Ransomware attacks have doubled, but fewer companies are paying the ransom
In the last two years, the total number of ransomware attacks has doubled while the rate of companies paying the ransom has steadily decreased. This finding can be attributed to more companies either successfully decrypting data and removing the malware or recovering from the attack by using a backup without paying a ransom.
7. Most companies have increased security budgets and awareness training
The number of companies scheduling semi-annual security awareness training in the past three years has more than doubled. In the past year, nearly two in three (62%) companies have also increased their security budgets.
Data is typically a company’s most valuable resource, and the effort to protect it can mean the difference between success and failure.