Organizations Feel More Confident in their Security Than a Year Ago: Report
Half of IT professionals say their organizations are less vulnerable now than a year ago, compared to only 12 percent who say they are more vulnerable, according to a report released Tuesday by IT management provider SolarWinds.
Penton Research surveyed 221 IT professionals between December 2015 and March 2016 from various sized-companies in North America for SolarWinds.
While 55 percent of those surveyed did not experience a breach in 2015, only 29 percent said they did, leaving nearly one in six who (troublingly) seem to not know. Thirty percent of organizations experienced less IT security incidents in 2015, while only 20 percent experienced more. This could represent a stunning decline in attacks, but more likely reflects attacks becoming more specifically targeted and repeated, in line with other recent research. Indeed, increasing sophistication was cited as the top reason for increased vulnerability.
TRENDING: Cloud Companies “Might Feel Good About Themselves” But Good Luck Reaching AWS Heights: Report
There is more encouraging news, however, as 36 percent said their response time decreased, versus 28 percent saying it had increased. SQL injection attacks, known vulnerabilities, rogue network devices, and security policy violations each take “mere minutes” for roughly half of those surveyed to detect.
“The most surprising finding of the survey is just how many organizations are less vulnerable today than they were a year ago, and, on a related note, how many have implemented security technologies and better security training,” Mav Turner, director, business strategy, SolarWinds said in a statement.
However, Turner warns, IT professionals need to avoid overestimating their defenses, as the stakes have risen, with 72 percent of breaches occurring at organizations who store customer data, and 45 percent store social security numbers. Over half considered the breaches to be medium or major severity.
“Given the heightened international media attention on IT security breaches, it was a pleasant surprise to see that 55 percent of respondents did not experience any security breaches in 2015, and only 24 percent believe a security breach is likely in 2016,” said Dr. Kristin Letourneau, director of research at Penton. “The survey data seems to reflect a shifting focus from fear of cyberattack, to the implementation, maintenance and refinement of established and effective security systems.”
When asked about best security practices, 83 percent identified endpoint security software as critical or very important, followed by patch management software (75 percent) and access management tools (71 percent). The top reasons for decreased vulnerability are adoption of intrusion detection and prevention systems, increased data encryption, patch management, security information and event management (SIEM) tools, and personnel security training.
Disclosure: Penton is the WHIR’s parent company.
Source: TheWHIR