A recent Bit9 + Carbon Black announcement concerning a Vanson Bourne study revealed that almost two-thirds of IT decision makers in the U.K. believe their organizations will fall victim to cyberattacks in the next 12 months.

Vanson Bourne, an independent research company, surveyed 250 U.K. IT decision makers who worked in organizations that contained at least 250 employees. It found that 64 percent of respondents believed their organizations would experience cyberattacks within the next year and that 32 percent said they had already experienced attacks in the previous year.

Those figures are perhaps not as worrysome as the percentage of respondents—49 percent—who indicated that they did not know whether or not their organizations were compromised. In addition, 61 percent said their ability to detect threats was no better than average, and within the group of respondents that worked with point-of-sale systems, 70 percent said they had no way to tell whether or not they were attacked.

The study also identified a range of devices and systems that were most vulnerable to hackers. Respondents showed a total of 41 percent of end-user machines as vulnerable to attack—the most out of any set of devices the survey discussed. Many of these machines and other user systems, 74 percent of those surveyed, still run on Windows XP, and only 29 percent of individuals said their organizations had plans to upgrade to supported operating systems. Microsoft dropped much of its support for Windows XP in April this year.

IT decision makers also make it clear they were worried about a number of effects that cyber attacks might cause them. They pointed to system downtime, data compromise, brand tarnishing, and financial loss. They also cited disgruntled employees, "hacktivists," and cybercriminals as those groups most likely to inflict such harm.

The fact that these IT professionals indicated a high likelihood of harm coming from within underscores the need for internal protection as well as external protection. Hackers have recently proven themselves capable of attacking from without, as in the case of a breach of security at the U.S. government, but attacks from within may be equally as likely because individuals can have direct access to sensitive systems on a daily basis.

The correct security protocols initiated by device management and user management systems can keep most employees away from sensitive information. Constant analysis of entire systems, though, is necessary to determine whether or not attacks have taken place or are currently in progress. That sort of analysis is also necessary to effectively determine if any data in organizations systems have been compromised.