One-in-five security experts unsure they can prevent a damaging breach

Dr. Srinivas Mukkamala, Chief Product Officer at Ivanti

Ivanti, the provider of the Ivanti Neurons automation platform that discovers, manages, secures, and services IT assets from cloud to edge, announced its State of Security Preparedness 2023 Study. Ivanti worked with experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and find out how firms are preparing for yet-unknown future threats.

What were the findings of Ivanti’s survey?

The report revealed that despite a stunning 97% of leaders and security professionals reporting their organisation is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one-in-five ‘wouldn’t bet a chocolate bar’ they could prevent a damaging breach. In fact, the study finds that organisations are racing to fortify against cyber-attacks, but the industry still struggles with a reactive, checklist mentality.

This is most pronounced in how security teams are prioritising patches. While ninety-two per cent of security professionals surveyed also reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning take priority.

“Patching is not nearly as simple as it sounds. Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and address vulnerabilities without excess manual intervention,” said Dr. Srinivas Mukkamala, Chief Product Officer at Ivanti.

What are the top industry threats for 2023?

Cybersecurity insiders view phishing, ransomware, and software vulnerabilities as top industry-level threats for 2023. About half of the respondents indicated they are “very prepared” to meet the growing threat landscape, but expected safeguards like deprovisioning credentials are ignored a third of the time, and nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.

The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers. Additionally:

  • More than 1-in-3 leaders have clicked on a phishing link
  • Nearly 1-in-4 use easy-to-remember birthdays as part of their password
  • They are much more likely to hang on to passwords for years
  • And they are 5x more likely to share their password with people outside the company

One survey taker shared, “We’ve experienced a few advanced phishing attempts, and the employees were unaware they were being targeted. These attacks have become more sophisticated over the last two years – even our most experienced staff are falling prey to it.”

To cope with a rapidly expanding threat landscape, firms must move beyond a reactive, rules-based approach. To learn more about Ivanti’s report, please visit here.