Webroot rates Florida the worst state for cybersecurity practices.

Edward Gately, Senior News Editor

June 9, 2018

8 Min Read
Cybersecurity
Shutterstock

Bad news for Florida: The sunshine state has the worst cybersecurity practices among consumers, leading to workplaces especially vulnerable to breaches.

That’s according to Webroot, which revealed the top five riskiest states when it comes to cybersecurity practices. Issued in conjunction with Ponemon Research, the report details residents’ level of readiness to prevent, detect and respond to cyberattacks such as ransomware, phishing and identity theft.

After surveying more than 4,000 individuals in the United States about their cybersecurity knowledge and internet safety practices, Webroot found that Florida ranks as the riskiest state. Coming in second was Wyoming, followed by Montana, New Mexico and Illinois.

Tomeo-Charles_Webroot.jpeg

Webroot’s Charles Tomeo

Charles Tomeo, Webroot’s vice president of worldwide business sales, tells us the report underscores that most people aren’t practicing good cyber hygiene at home, which can easily translate into poor cybersecurity practices in the workplace.

“Poor cyber hygiene at work can result in data breaches or ransomware infections, costing businesses money, hours of downtime and negative impact to their reputation,” he said. “It’s clear from this data that MSPs delivering security services are more important than ever to keep businesses safe.”

On the flipside, the safest state is New Hampshire, followed by Massachusetts, Utah, Rhode Island and Minnesota.

Despite some of the largest data breaches in history occurring last year, such as the Equifax breach that disclosed the financial information of more than 145.5 million Americans, this report illustrates that many U.S. residents still fully don’t understand the risks they face online.

“To me, the most surprising thing is that over 50 percent of Americans don’t use antivirus, which is shocking given the sheer number of threats that are out there today,” Tomeo said. “Threats like ransomware can be particularly devastating to users without data backups. Using a reputable antivirus solution is one of the easiest things you can do to protect yourselves from a variety of nasty cyber threats.”

Some 72 percent of Floridians reported sharing passwords or other access credentials with others. In comparison, 53 percent of respondents in New Hampshire claimed that they never share passwords with others.

Overall, less than one in four Americans regularly monitors bank and credit-card statements, blocks pop-ups, updates online account passwords and takes precautions before clicking on an email — all of which are factors that would increase online security, Webroot says.

With Florida leading the pack as the riskiest state, many might think age plays a significant role in determining risk; however, 75 percent of respondents 30 and under were found to have a higher level of cyber riskiness than older respondents, according to the report.

“This report is a good reminder that most of us aren’t taking cybersecurity seriously,” Tomeo said. “If everyone kept their system patched, didn’t share passwords and used a good antivirus, the world would be a much safer place.”

Security providers should be targeting customers in all states as cybercriminals don’t discriminate when it comes to their victims’ locations, he said.

“While Florida may be the riskiest state and New Hampshire the safest, there’s still room for all of us to improve,” Tomeo said. “We always recommend …

… individuals practice good judgment and cyber hygiene, including using a strong password, avoiding public Wi-Fi and using a reliable antivirus.”

Disturbing Trend: ‘Double Standard’ in Incident, Breach Reporting

A new survey of more than 250 cybersecurity professionals by Thycotic shows 84 percent want to be notified immediately if a company they worked with had experienced a breach; yet, only 37 percent of these same professionals would notify customers right away if their organization was breached.

Just as disturbing: Many cybersecurity professionals wouldn’t go on record to admit that their organization had been breached. Only one in three (32 percent) security experts admitted that their companies had been a victim of a cyberattack in the past 12 months.

“I wouldn’t tell you even if we had experienced an incident or breach,” many respondents indicated. In addition, nearly one in six admitted they had experienced a data breach and kept it a secret from the public or unsuspecting victims, which could be the result of pressure from executives or board members since these incidents could have a major negative impact on the business.

Carson-Joseph_Thycotic.jpg

Thycotic’s Joseph Carson

“The lack of investment and prioritization of an incident-response readiness program means that cybersecurity professionals lack good understanding on a company’s ability to perform responsible disclosure to impacted parties, resulting in the double standards,” Joseph Carson, chief security scientist at Thycotic, told us.

Most respondents who wouldn’t disclose breaches said they are under strict nondisclosure agreements, he said.

“Transparency is extremely important as it can help cybersecurity professionals prevent their organizations from becoming a victim by knowing the indicators of compromise (IoC) and learning from data breaches,” Carson said. “We need to share both successful and failed incident-response experiences.”

While the findings around double standards on breach and incident reporting are concerning, Thycotic also found that progress, while uneven, is being made when it comes to incident-response planning. For example, 56 percent of security experts confirmed they have an incident response plan in place and tested, and 20 percent have prepared a contact list and communications to manage an incident.

Also, 12 percent have conducted “red team” training with their executives, and 10 percent have a public-relations team prepped to manage incident communications, and legal-team advisers ready, according to the survey.

“The IT channel can learn that it is better to be prepared and understand the importance of incident-response readiness,” Carson said. “This will set better expectations on responsible disclosure. Organizations need to prioritize incident response as much as they invest in preventing data breaches, as it is only a matter time before they become a victim or find out they are already a victim.”

Symantec Unveils Cloud-Based Network Security Offering

Symantec this week announced new enhancements to its Network Security for the Cloud Generation solution designed to protect enterprise devices anywhere their employees work or travel, across the network, the cloud, mobile and traditional endpoints.

The enhancements include: web isolation technology integrated into Symantec’s Web Security Service (WSS), allowing web browsing without risk of infection by zero-day malware or advanced threats; and network-to-endpoint protection with the integration of Symantec Endpoint Protection (SEP) and SEP Mobile into WSS, allowing web traffic re-directs to …

… WSS for enforcement of network-security policies. Also, SD-Cloud Connector allows customers to combine SD-WAN with Symantec’s WSS to create a “simple, high-performance method to connect branch office locations with its cloud security service,” the company said.

Gerry Grealish, Symantec’s senior director of product marketing, tells us one of the biggest challenges faced by Symantec partners selling security offerings to customers and prospects is that they can only take on so many projects at one time.

Grealish-Gerry_Symantec.jpg

Symantec’s Gerry Grealish

“Because of this, sales opportunities become slotted sequentially versus being run in parallel,” he said. “Symantec’s cloud services, including the recent advancements, are all about taking the complexity out of security. For example, when you are selling (WSS), you simultaneously have a secure web gateway, threat prevention, (data loss prevention) DLP and (cloud access security broker) CASB sale in flight. The integration with SEP opens an immediate opportunity for an endpoint deal. And with the SD-Cloud Connector, which is based on SD-WAN technology, you can actually start a network infrastructure discussion. So simplifying the ability for customers to consume all of these services opens up some large opportunities for our partners.”

The updated offering gives Symantec and its partners a competitive advantage, Grealish said.

“The new capabilities bring even more differentiation to the existing service,” he said. “All of these capabilities are pre-integrated and are designed to be used together. This makes it simple for partners to add these capabilities to the core web gateway sale when they are selling cloud security to prospects.”

Cybersecurity Worker Shortage Getting Worse

Demand for cybersecurity workers continues to escalate, with more than 300,000 job postings in the public and private sectors during the 12-month period between April of last year and this past March.

That’s according to CyberSeek, a joint development of CompTIA and Burning Glass Technologies, a labor-market analytics firm. The total employed U.S. cybersecurity workforce during the 12-month period was a little more than 768,000.

“The cybersecurity talent shortage is widespread, impacting all 50 states,” said Matthew Sigelman, Burning Glass’ CEO. “In every state, the employed cybersecurity workforce would have to grow by over 50 percent to align with the market average supply and demand ratio.”

Across all jobs, there were six-and-a-half employed workers per opening, while in cybersecurity there were only two-and-a-half.

Thibodeaux-Todd.jpg

CompTIA’s Todd Thibodeaux

The metropolitan regions with the largest number of cybersecurity job openings are Washington, D.C. (43,200 openings), New York (approximately 20,000) and Chicago (nearly 11,500).

CyberSeek identified 10 core roles and five feeder roles – or career areas – that might serve as stepping stones into cybersecurity. Of the core cybersecurity roles, the largest current demand is for engineers, with almost 37,600 openings. Four of the 10 core cybersecurity roles have average advertised salaries above $100,000: cybersecurity architects, managers, engineers and  consultants. Of these, architects have the highest average salary, at $133,000.

“We’ve seen dramatic shifts in enterprise technology as organizations adopted a cloud-first mentality, mobile devices became ubiquitous and digital data has grown in relevance,” said Todd Thibodeaux, CompTIA’s president and CEO. “Yet for all the focus on new and emerging technologies, cybersecurity remains the constant, led by a trained and certified cybersecurity workforce. CyberSeek demonstrates that the cybersecurity field is rich with opportunities for current and prospective technology professionals.”

Read more about:

Agents

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like