96% of organizations hit by a security incident in the past year
A new ForeScout report revealed that more than 96 percent of organizations experienced a significant IT security incident in the past year. The majority of IT organizations are aware that some of their security measures are immature or ineffective, but only 33 percent have high confidence that their organizations will improve their less mature security controls.
Increasing operational complexity and the threat landscape have affected security capacity, as more than 43 percent perceive problem prevention, identification, diagnosis and remediation to be more challenging than two years ago. On aggregate, one in six organizations had five or more significant security incidents in the past 12 months.
While confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful.
Survey highlights:
- One in six organizations had five or more significant incidents, and 39 percent had two or more incidents.
- Top security incidents comprised phishing, compliance policy violations, unsanctioned device and application use, and unauthorized data access.
- 40 percent reported that security management tasks are more challenging now than two years ago; specifically problem prevention, diagnosis, identification and remediation.
- The most frequently cited security issues came from malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage.
- Control practices indicated as relatively immature were personal mobile device usage, perimeter threats, inventory management and endpoint compliance, virtualization security, rogue device and application security. However, only 54 percent of respondents said they were somewhat confident in the likelihood of improvement over the next 12 months.
- Over 61 percent cited low to no confidence in network device intelligence, maintaining configuration standards and defenses on devices, and ensuring virtual machine and remote devices adhere to policy.
- The top five security technologies perceived to have the greatest interoperability value were firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD).
Confirming these findings, Nicholas Sciberras, Product Manager at Acunetix, states: “Unearthing all the security issues is an elaborate and time-consuming task, and is often either not done properly, or not done at all. This is especially true for small and medium-sized businesses that do not have the bandwidth and expertise to ensure that their perimeter network and web security are strong enough, allowing easy access to internal resources. What most organizations do not realize is that most security issues can be detected automatically using network and web security scanning solutions.”
Industry and regional highlights:
- Malware and APT attacks were rated as a top priority across all industries and regions, yet it appears that there is lower likelihood of investing further resources to reduce perimeter threats.
- Significant compliance policy violations that consumed a large amount of time to recover from occurred an average of 2.6 times in the last 12 months on aggregate across all three regions, but more in the U.S. as compared to U.K. and DACH countries.
- Manufacturing, education and finance sectors in general appear more prone to phishing attacks, while the healthcare sector was more likely to experience higher than average compliance policy violations. The exception is the manufacturing vertical in the UK, where unsanctioned application and device use, compliance policy violations and zero-day malware showed more incidents.
- Healthcare was more concerned about data leakage monitoring issues than the manufacturing, education, retail and finance sectors. Compared to the other verticals in the UK and/or other security concerns, data leakage monitoring is by far the most important issue for healthcare in the UK, while in the DACH region in particular, unsanctioned device and application use and system breaches appear more problematic.
- Financial institutions were subject to more incidents caused by phishing attacks, compliance policy violations, unsanctioned application use, and data leakage, and overall found problem remediation more challenging compared to other sectors.
- When it comes to policy definition, technical controls and mitigation capabilities, the education sector in general appears the least mature while the financial sector appears the most mature. In the UK, too, the financial sector appears to be the most mature, while the healthcare sector in particular appears to be less mature.
- Countries in the DACH region have less confidence in improvements to inventory management tools than their counterparts in the U.K. and U.S.
- 78 percent of respondents on average cited BYOD as having an impact on GRC. While the retail sector appears to be more progressive on BYOD security, in general, European respondents cited data wiping and encryption as having a higher impact on governance, risk and compliance (GRC).
The survey, conducted and compiled by IDG Connect during May and June of 2014, illustrates the nature of security threats and the extent of defence maturity arrayed against organisations with more than 500 employees in the finance, manufacturing, healthcare, retail and education sectors in the U.S., U.K., Germany, Austria and Switzerland.