In an environment where viewing the world with rose-colored glasses provides a false sense of security, a new survey found a large majority of users are confident in their security programs, but about half of them have suffered a breach and then another portion are not sure if they suffered an attack, a new report found.
The survey found 85 percent of respondents are either very or somewhat confident in their organization’s security program, however, 41 percent said their company had experienced a security breach and 20 percent more were unsure, according to a Syncsort survey of over 300 respondents.
“The good news is most organizations are auditing their security systems,” said Terry Plath, senior vice present, support and services at Syncsort. “The bad news is more than two-thirds of audits are done by in-house staff – meaning they’re more likely to be biased – and only once per year. This may not be enough to keep up with the newer and more sophisticated approaches malicious hackers are constantly developing. The bottom line is that data security requires increased focus from IT organizations, particularly against the backdrop of increasing compliance regulations and emerging data rights.”
In addition, the survey found other challenges and liabilities in security practices that contradict that assurance:
• Respondents had firsthand knowledge of vulnerabilities in security for Windows servers (69 percent), followed by network infrastructure (54 percent).
• Twenty-eight percent of respondents named adoption of cloud services as their top security-related challenge, followed by growing complexity of regulations (20 percent) and insufficient IT security staffing (19 percent).
• Security (42 percent) and cloud computing (35 percent) are organizations’ top two IT priorities in the coming year.
• Thirty-two percent of responding organizations only perform security audits annually, while 23 percent do so every three months and 19 percent every six months.
• The most popular areas examined in audits include application security (72 percent), backup/disaster recovery processes (70 percent), network security (69 percent), antivirus programs and password policies (67 percent each).
• Forty-six percent of respondents reported increased spending on security-related technology over the past three years. Thirty-five percent (each) developed or significantly updated a security program and increased spending to support cybersecurity initiatives.
• The top three security investments include network firewall (69 percent), virus protection (66 percent) and malware protection (65 percent), while investments in newer approaches like data tokenization (18 percent) are starting to emerge.
• Forty-one percent of organizations have experienced data breaches, while 39 percent have not, and 20 percent say they don’t know.
• The most common type of breaches were virus/malware attacks (76 percent) and phishing (72 percent).