Survey finds 85 percent have confidence in their infosec chops, but two thirds have probably been breached
There’s a big gap between perception and reality when it comes to IT security in larger organizations, a new survey finds. Security practitioners feel pretty good about their security posture, but their confidence is demonstrably unwarranted.
The Lowdown: The survey of 300 IT security pros by Big Data platform maker Syncsort found that while 85 percent of respondents trust their organization’s security program, 41 percent admit to a security breach and another 20 percent say they aren’t sure if they’ve been breached.
The Details: Part of the disconnect stems from a lack of visibility into, and diligence around, evolving security controls. About a third of organizations perform only annual security audits of areas like app security, business continuity and disaster recovery (BCDR), network security, and policies. Those internally driven reviews are insufficient to maintain good security posture in a dynamic and hostile cybersecurity environment.
The polled practitioners cited several key challenges, including cloud security (28 percent), the growing complexity of regulations (20 percent), and insufficient IT security staffing (19 percent). Nearly half of respondents (46 percent) said their companies increased spending in the past three years for basic security blocking and items such as network firewalls, anti-virus solutions, and malware protection.
In the coming year, close to four in 10 plan to invest more in internal staffing and skills.
The Impact: Misguided perceptions of security manifest in myriad and troubling ways. Of the organizations that fessed up to being hacked, most (76 percent) succumbed to virus and malware attacks while 72 percent suffered phishing attacks. About half of the virus attacks came from internal sources, the respondents said.
Companies’ most common action after a breach was to increase security awareness training for staff, the Syncsort survey found.
The Buzz: “The good news is most organizations are auditing their security systems,” said Terry Plath, SVP for support and services at Syncsort in Pearl River, NY. “The bad news is more than two-thirds of audits are done by in-house staff, meaning they’re more likely to be biased, and only once per year. This may not be enough to keep up with the newer and more sophisticated approaches malicious hackers are constantly developing.
“The bottom line is that data security requires increased focus from IT organizations, particularly against the backdrop of increasing compliance regulations and emerging data rights,” Plath added.