Organizations starting to gain the upper hand when it comes to IT security
- Published: Thursday, 05 May 2016 08:46
SolarWinds has released the findings of a new survey that highlights significant improvements in IT security preparedness and effectiveness among UK organizations.
Fielded between December 2015 and March 2016 in conjunction with Penton Research, the survey yielded responses from 109 IT practitioners, managers, directors and executives in the UK from small, midsize and enterprise companies.
“Given the heightened international media attention on IT security breaches, it was a pleasant surprise to see that 43 percent of respondents did not experience any security breaches in 2015, and only 28 percent believe a security breach is likely in 2016,” said Dr. Kristin Letourneau, director of research at Penton. “Survey data seems to reflect a shifting focus from fear of cyberattack, to the implementation, maintenance and refinement of established and effective security systems.”
While challenges to improving IT security remain, there is a trend towards better security preparedness and effectiveness:
- Nearly half (43 percent) of IT professionals surveyed said their organizations did not experience any security breaches in 2015, compared to just 30 percent who did.
- 39 percent said their organizations are less vulnerable now than they were a year ago, compared to 27 percent who said they are more vulnerable.
- More than twice as many said their time to detect a threat decreased in 2015 versus those who said it increased (42 percent versus 18 percent).
- 38 percent said their time to respond to a threat decreased in 2015 versus roughly a quarter (28 percent) who said it increased.
Organizations whose security posture improved over the past year found success by implementing a handful of vital security technologies and best practices:
- Among those who said their organizations are now less vulnerable than they were a year ago, the top five reasons reported were:
1. Improved patch management;
2. Implementation of configuration change management, alerting and approval tools;
3. Adoption of intrusion detection and prevention systems/introduction or expanded use of data encryption (tie);
4. Implementation of log analysis, such as security information and event management (SIEM) tools/standardisation of network configurations and monitoring (tie);
5. Implementation or improvements to an identity management system.
- Endpoint security software topped the list of the most important technologies or practices for ensuring IT security, with 81 percent identifying it as critical or very important, followed by patch management software (75 percent) and identity and access management tools (68 percent) to round out the top three.
- More than half also identified configuration management software (58 percent) and SIEM software (51 percent) as critical or very important to ensuring IT security.
Despite these positive developments, IT departments must still be vigilant against the threat and consequences of security breaches:
- 38 percent said the number of security incidents their organizations experienced in 2015 increased from 2014.
- Of those whose organizations experienced a security breach in 2015, 38 percent said the breaches were of medium to major severity.
- More than three-quarters (77 percent) of the organizations breached in 2015 store customer data, with one-third (33 percent) of those storing data on at least 100,000 customers.
- While just slightly more than a quarter (28 percent) expect their organizations to suffer from a security breach in 2016, more than three quarters (79 percent) of them store customer data, including 38 percent that store customer banking information.
- Increasingly distributed data and the increasing sophistication of attacks tied as the number one factor most commonly thought to make an organization more vulnerable (29 percent).