Organizations suffer breaches despite confidence in their security measures
According to a new survey, 85 percent of respondents are either very or somewhat confident in their organization's security program, yet 41 percent say their company has experienced a security breach and 20 percent more are unsure.
The study from big data specialist Syncsort finds the most common type of breaches are virus/malware attacks (76 percent) and phishing (72 percent). Interestingly, virus attacks came from internal sources roughly half the time while phishing usually came from external sources (78 percent).
On a positive note, 50 percent of breaches were identified in less than a day, while 26 percent were identified in less than a week. Following a breach, companies' most common action was to increase training for IT staff (43 percent).
Among its findings is that security knowledge for newer systems is lacking. 69 percent claim first hand knowledge of security for Windows servers, and 54 percent for network infrastructure. But just seven percent are familiar with newer, but widely-adopted data storage options like Hadoop data lakes.
Adoption of cloud services is named by 28 percent as their top security-related challenge, followed by growing complexity of regulations (20 percent) and insufficient IT security staffing (19 percent). The regulation most respondents have to adhere to is GDPR (37 percent), followed by HIPAA and SOX (32 percent each). Security (42 percent) and cloud computing (35 percent) are seen as organizations' top two IT priorities in the coming year.
Of those organizations surveyed, 32 percent of only perform security audits annually, while 23 percent do so every three months and 19 percent every six months. The most popular areas examined in audits include application security (72 percent), backup and disaster recovery processes (70 percent), network security (69 percent), plus antivirus programs and password policies (67 percent each).
"The good news is most organizations are auditing their security systems," says Terry Plath, senior vice president, support and services at Syncsort. "The bad news is more than two-thirds of audits are done by in-house staff -- meaning they're more likely to be biased -- and only once per year. This may not be enough to keep up with the newer and more sophisticated approaches malicious hackers are constantly developing. The bottom line is that data security requires increased focus from IT organizations, particularly against the backdrop of increasing compliance regulations and emerging data rights."
You can find out more about the results on the Syncsort blog.