IT security: it’s complicated

by Mark Rowe

Companies are putting their customers’ data at risk because IT staff do not have the expertise or time to deploy complicated IT security products. That is according to a new survey from the US firm Lieberman Software Corporation.

The survey, which was carried out at RSA Conference 2015 in the US and measured the attitudes of nearly 170 IT security people, found that 69 percent of respondents do not feel they are using their IT security products to their full potential. As a result, 71 percent of IT professionals believe this is putting their company, and possibly customers, at risk.

When survey respondents were asked why they don’t use their IT security products to their full potential, 62 percent said they either found the products too complicated to deploy, too time-consuming to deploy, or didn’t think they had the expertise to properly deploy them.

Philip Lieberman, President of Lieberman Software, said: “As zero-day attacks and other cyber threats evolve at a steady pace, many organizations are searching for new IT security solutions to defend against the latest wave of attacks. Unfortunately, these organizations often discover too late that the products they purchase cannot scale to large enterprise environments, or be deployed quickly enough to provide real defense. That creates a significant security deficit that leaves organizations at risk, as the findings in this survey indicate. To be effective in today’s cyber warfare environment, a security solution must have enterprise scalability, be rapidly deployed without requiring expensive or time-consuming professional services, and operate automatically and continuously – without involving direct human interaction.”

Also, 61 percent of survey respondents admitted that their organisation has deployed a security product purely to meet regulatory compliance requirements, rather than to increase security.

Lieberman added: “Regulatory compliance requirements drive most implementations of IT security products. However, compliance does not equal security. Despite the regulatory initiatives that most organizations are subject to, data breaches are now happening more frequently and becoming increasingly severe. There’s more to achieving real IT security than completing an auditor survey and marking a few check boxes. True security requires continuous measurement and correction in the face of the unrelenting cyber threats that compliance mandates simply fail to anticipate.”

For more on the survey, visit http://go.liebsoft.com/2015-information-security-survey.

Software vulnerabilities provide criminals with an entry point, an IT security firm says; and there’s a steady supply of vulnerabilities in popular software. F-Secure senior researcher Timo Hirvonen says: “Pieces of software will always have vulnerabilities, and there will always be criminals creating exploits for those vulnerabilities. It’s become a whole business model for these criminals, because the security patches that companies release basically expose the vulnerabilities in software. The criminals reverse engineer the patches to find vulnerabilities, and then they target those vulnerabilities with exploits they develop.”

According to Hirvonen, one way for people to defend themselves is to make sure their software stays updated. “Software vendors are quite good about releasing patches for these vulnerabilities, so it’s important that people use the patches as soon as they become you may take without even realising it, which motivates criminals to carry on such cyber-attacks.

© 2024 Professional Security Magazine. All rights reserved.