Some IT departments are taking steps to effectively improve their security posture, as well as highlighting problems in security which can expose companies to cyber threats, according to a survey.
Mav Turner, Director of Business Strategy for SolarWinds, said of the results: “The most surprising finding of the survey is just how many UK organisations are less vulnerable today than they were a year ago, and, on a related note, how many have implemented security technologies and better security training. While this is a sign the industry is trending in the right direction, it’s important for IT professionals to never get too confident in their organisations’ security posture, which could potentially result in overestimating one’s defences. After all, the findings also illustrate how high the stakes are—while less than one-third of UK organisations experienced a security breach in 2015, of those, 77 percent store potentially sensitive customer data.”
Fielded between December 2015 and March 2016, with Penton Research, the survey yielded responses from 109 IT practitioners, managers, directors and executives in the UK from small, midsize and enterprise companies. Dr Kristen Letourneay, Director of Research at Penton Research, said: “Given the heightened international media attention on IT security breaches, it was a pleasant surprise to see that 43 percent of respondents did not experience any security breaches in 2015, and only 28 percent believe a security breach is likely in 2016. Survey data seems to reflect a shifting focus from fear of cyberattack, to the implementation, maintenance and refinement of established and effective security systems.”
Findings:
While challenges to improving IT security remain, there is a trend towards better security preparedness and effectiveness.
· Nearly half of IT professionals surveyed said their organisations did not experience any security breaches in 2015, compared to just 30 percent who did
· 39 per cent said their organisations are less vulnerable to security threats in 2015 compared to a year
· 42 per cent of those surveyed said time taken to detect a threat had decreased in 2015 – more than double those who said their response time has increased.
· Over a third said their time to respond to a threat decreased in 2015
Organisations whose security posture improved over the past year found success through a handful of vital security technologies and best practices. Among those who said their organisations are now less vulnerable than they were a year ago, the top five reasons reported were:
1. Improved patch management
2. Implementation of configuration change management, alerting and approval tools
3. Adoption of intrusion detection and prevention systems/introduction or expanded use of data encryption (tie)
4. Implementation of log analysis, such as security information and event management (SIEM) tools/standardisation of network configurations and monitoring (tie)
5. Implementation or improvements to an identity management system
· Endpoint security software topped the list of the most important technologies or practices for ensuring IT security, with 81 per cent identifying it as critical or very important, followed by patch management software (75 per cent) and identity and access management tools (68 per cent) to round out the top three
· More than half also identified configuration management software and SIEM software as critical or very important to ensuring IT security
Despite these positive developments, IT departments must still be vigilant against the threat and consequences of security breaches.
· 38 per cent said the number of security incidents their organisations experienced in 2015 increased from 2014
· Of those whose organisations experienced a security breach in 2015, 38 per cent said the breaches were of medium to major severity
· More than three-quarters of the organisations breached in 2015 store sensitive customer data, with one-third of those storing data on at least 100,000 customers
· While just slightly more than a quarter expect their organisations to suffer from a security breach in 2016, nearly 80 per cent store customer data, including 38 percent that store customer banking information
· Increasingly distributed data and the increasing sophistication of attacks tied as the number one factor most commonly thought to make an organisation more vulnerable
Read a full breakdown of the survey results at: http://www.solarwinds.com/.
