Only one in three organizations is confident of avoiding a data breach
A majority of organizations are not confident in their ability to avoid major data breaches according to a new study.
The report for breach avoidance company Balbix, based on research from the Ponemon Institute, shows that 68 percent feel their staffing is not adequate for a strong cybersecurity posture and only 15 percent say their patching efforts are highly effective.
It also reveals that 67 percent feel they don't have the time and resources to mitigate all vulnerabilities in order to avoid a data breach, and 63 percent say 'inability to act on the large number of resulting alerts and actions' is a problem.
The result of this mismatch between alert volumes and limited resourcing is postponed patching, no prioritization of actions and ultimately a weaker cybersecurity posture. 69 percent scan just once a month or even less frequently, while 49 percent scan only quarterly or on ad hoc basis. Just 49 percent say their organization does complete, up-to-date, patching.
When asked about what improvements could be made, 70 percent named automatic discovery of unmanaged assets, and 64 percent wanted the ability to analyze vulnerabilities in IoT, BYOD and third-party systems. Analyzing both unpatched systems and other attack vectors was named by 60 percent, receiving a risk-based and prioritized list of actions by 56 percent, and receiving prescriptive fixes for recommended action by 52 percent.
"We are not surprised by these findings from Ponemon Institute's research," says Gaurav Banga, founder and CEO of Balbix. "While respondents’ confidence levels in their ability to avoid a breach is obviously troubling, it is clear that most understand the reasons why -- alert volume, limited team resources, lack of visibility across assets, and very limited contextual risk. On the positive side, respondents cite a clear list of capabilities that can help them better see and manage their vulnerabilities, which will eventually improve their overall security posture."
The full report can be downloaded from the Balbix site.