Many organizations, including financial services, believe their digital transformation efforts have outpaced security capacity. Some 70% of the information security decision makers surveyed have modest to no confidence in managing threats.

According to a recent IDG Connect research report, “The State of Enterprise Digital Defense,” sponsored by San Francisco-based digital threat management firm RiskIQ, there was a contradiction in effectiveness and likely investment compared to incidents' actual consequence on organizations.

More than 80% of respondents held they had no to moderate confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand, and ecosystem. This despite over 50% of respondents citing frequency and serious impact of malware, phishing, domain infringement, web scams, and rogue mobile and brand abuse.

This illustrates the current landscape and extent of digital threats, as well as the application and maturity of defenses to protect an organization's digital presence.

Financial services, manufacturing and the consumer-packaged goods sector are the top investors in digital threat management tools, but the general expenditure picture is very healthy among all industries surveyed with 99.4% expected to increase spending on digital threat management tools and services. Across the board, the expected trend is up and the uptick quite significant.

“Businesses today are in the throes of digital transformation and are seeking to leverage their online presences to enrich products, deepen customer relationships and boost their brand ecosystems,” the report revealed. “Cyberadversaries have gone digital too, taking advantage of organizations' digital presences and brands. Today, phishing, malware, domain infringement, malvertising (the use of online ads to spread malware), ransomware, malicious mobile apps, brand abuse and fake social posts are all prominent.”

There are accelerating threats that exist outside a company's perimeter defenses and they affect businesses, customers and brand perceptions as well with more than 75% of enterprise security breaches due to external threat actors.

“Fraud and counterfeiting is a multi-stakeholder problem between brand owners, technology companies providing monitoring services, and online marketplaces. Without a strong partnership, these efforts tend to fail or degrade over time,” Darren Spruell, threat researcher, RiskIQ, said. “We see domain infringement and brand abuse incidents of all types, many of which are used to sell counterfeit goods, which is a booming industry. But we also see phishing pages and scam sites for fake jobs, travel offers, software updates, and malware attacks.”

While InfoSec investments have increased to protect the adoption of various forms of cloud computing, security programs and resources are truly in catch-up mode when it comes to the defense of an organization's external digital presence.

The research noted, “Today we are going through just such an inflection as organizations transform themselves via websites, apps and other digital means of online, connected engagement. However, it is a certainty that adversaries will try to capitalize on these approaches with plans to exploit trust in organizations' digital presence, brands and novelty of experience.”