Some four in ten, 42 percent of IT people ignore critical security issues when they don’t know how to fix them (16 percent) or don’t have the time to address them (26 percent), it’s suggested. Outpost24 announced a survey of 155 IT people from the RSA Conference in the US in April.
The survey also asked what area of IT estate they consider to be the least secure. This showed 25 percent are most concerned about their cloud infrastructure and applications, 23 percent about their IoT devices, and 20 percent their mobile devices, 15 percent their web applications, and 13 percent their data assets, databases and shares. Owned infrastructure and data centres seem to cause the least concern, with only five percent saying they were least secure.
When survey respondents were asked how quickly their company remediates known vulnerabilities, 16 percent stated they review their security at a set time every month, seven percent said they do it every quarter. Five percent said they only carry out assessments and apply fixes once or twice a year. Only 47 percent of organisations patch known vulnerabilities as soon as they are discovered.
Bob Egner, VP at Outpost24 said: “The trend lines have already been drawn, and we can see from the survey results that they are not improving. Our survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security teams with the skills and resources to keep up. It’s vital that organisations have full awareness of all assets that the business relies on, and that they are constantly tuning for the lowest possible level of cyber security exposure.”
Respondents were also asked if security testing is conducted on their enterprises systems, which revealed that seven percent fail to conduct any security testing; however, most, 79 percent of respondents said they do carry out testing. Respondents were also asked if their organisation had hired the services of penetration testers and 68 percent revealed they had. The study also found that of those organisations that had hired penetration testers, 46 percent had uncovered critical issues that could have put their business at risk.
Egner added: “Outsourcing services like penetration testing can be an excellent way to get a holistic overview of the cyber security exposure across an organisation’s assets as well as expose threats within systems that may well have gone unnoticed. To maximize the value of testing investment, remediation action should be taken as close to the time of testing as possible. With the proliferation of connected technologies, the knowledge and resource gap continue to be key challenges. Security staff can easily become overwhelmed and lose focus on the remediation that can be most impactful to the business.”
Request to download the full RSA survey report at https://marketing.outpost24.com/mkg/rsa-survey-2018.
