Threats and technologies of a shifting data security landscape
With every email now a target and every piece of data at risk, the need for data protection maturity has never been higher. According a new study released by Lumension, IT security departments are responding with better policies, improved technology approaches and financial commitment.
More than 700 IT professionals from around the globe responded to the study. Recognizing the importance of today’s data security threats, 51 percent of organizations now maintain multiple data protection policies, up 16% from when this question was first asked in 2012. In 2014, 27 percent consider their data security policies exhaustive while 18 percent say their policies are minimal, a decrease of 30 percent since 2012.
Organizations report a continued need to defend against many different types of attacks however – 57 percent cite malware, 23 percent say software vulnerability exploitation and 19 percent say denial of service attacks. They also struggle with related IT risks. Top on the list this year is accidental data loss by employees, say 40 percent. Up 10 percent over last year, this is also the largest increase.
To combat these risks, organizations are also implementing security training. Of those that do, 46 percent say they offer security training on a formal and ongoing basis and 28 percent do so on an informal and ad hoc basis. Both of these figures have increased over last year. However, nine percent say they offer no security training.
Among the top trends in IT, mobile remains influential and those realities are reflected in the survey results. Just eight percent maintain an “open access” policy. One-fifth allow access with employee education and 16 percent limit access to higher-level staff. One-quarter permit “controlled access,” while more than one-quarter restrict access.
Respondents also indicated their organizations are placing improved emphasis on security all the way through to their IT budgets. Those that assign less than two percent of their IT budgets to security fell 26 percent over last year and those that dedicate as much as 10 percent grew by 34 percent. Two-thirds of respondents consider their resource allocation sufficient for data protection policies and best practices.