Given the severe devastation WannaCry and NotPetya caused to organisations around the world, you would have thought investment and interest into beefing up defences would have increased? Well not according to the latest research by AlienVault.
Having surveyed 233 IT professionals globally about how their roles have changed following these high-profile attacks, just 16% of IT security professionals believe that their bosses and company boards have taken a greater interest in their roles as a result of the WannaCry and NotPetya cyber-attacks of 2017
It was also found that 14% have had their budgets for cyber security increased, and only a fifth (20%) have been able to implement changes or projects that were previously put on hold.
The findings follow a separate research report from PwC which found that UK businesses have cut their cyber security budgets by a third, compared to the same point last year.
Javvad Malik, security advocate at AlienVault, explained: “WannaCry and NotPetya are generally believed to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture. Destructive malware poses existential threats to companies across all industries and can no longer be ignored. To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks.”
Worryingly, 13% of IT professionals whose organizations were affected by WannaCry or NotPetya felt that they were blamed for their organizations falling victim. As a result, many IT teams have worked hard to strengthen their organization’s cyber security in the wake of these attacks. Two-thirds (66%) are more up-to-date with patching than they were previously, and half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats. In addition, 58% carried out a review of their organization’s cyber security posture following the attacks.
Javvad Malik continued, “Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, points towards a panicked reaction from management tiers. Given the unpredictable nature of today’s security environment, organizations should focus their efforts on detection and response.”
The research also explored whether IT professionals have noticed any changes in the way others treat them, following the high volumes of media attention around WannaCry and NotPetya. Almost a quarter (23%) reported that their family and friends are more interested now in hearing about their work. In addition, 28% believe that most people in their organizations listen to their IT advice more than they did before.
However, despite the widely reported IT security skills shortage, just 10% of those surveyed have experienced an increase in job offers, or managed to negotiate a pay increase, following the attacks.
Javvad Malik continued, “The IT security profession remains a very tough place to work, where resilience is the key to success – particularly if you are blamed in the event of your company suffering a security incident.”