In 2017, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) teamed up for the second year in a row to look at the lives and experiences of cybersecurity professionals. This year’s report is based on data from a survey of 343 cybersecurity professionals and ISSA members. Eighty-five percent of survey respondents resided in North America, 7% came from Europe, 3% from Central/South America, 3% from Asia, and 1% from Africa.
As in 2016, this year has been eventful for cybersecurity. For example:
• As of the writing of this report, there have been 416 publicly disclosed data breaches, exposing more than 156 million records (source: privacyrights.org). Visible breaches occurred at organizations like SVR Tracking (540,000 records exposed), Equals3 (590,000+ records exposed), BroadSoft (4,000,000 records exposed), and Equifax (143,000,000 records exposed).
• Ransomware variants like WannaCry, Petya, and Bad Rabbit continue to proliferate. According to a report from Cybersecurity Ventures, ransomware damage is up 15x in two years as global damages are expected to exceed $5 billion in 2017, up from $325 million in 2015.
• Recent threat intelligence from Check Point Software and Qihoo identified a new IoT botnet dubbed “reaper.” Researchers claim that reaper is much more sophisticated than Mirai, the IoT botnet used in the 2016 attack on DNS services at Dyn that rendered many Internet sites inaccessible. Some researchers believe that reaper could grow much larger than Mirai and harness enough network bandwidth to take down critical services or large parts of the Internet.