New Security Survey Finds Differing Confidence Levels Surrounding Basic Controls

By Laura Stotler

The vast majority of IT professionals and executives are confident in their organization’s implementation of basic foundational security controls, according to a new survey. But in a more disturbing finding, less than half of those queried are confident in the secure configuration of common devices connected to their network, even though targeted cyber attacks are on the rise.

The survey was conducted by Atomik Research in conjunction with Tripwire, a provider of advanced threat, security and compliance solutions. Findings centered on the confidence levels of those queried related to the security of their own networks and associated devices. And despite more than 100 million records being compromised in retail data breaches over the past year, 77 percent of retail IT workers were confident all the devices on their networks were running only authorized software.

A whopping 89 percent of executives in the energy industry were fairly confident or very confident in their vulnerability management programs, even though warnings have been issued concerning a sophisticated malware campaign targeting incident command systems (ICS).

"It's not surprising that IT and security professionals have confidence in foundational security controls,” said Jane Holl Lute, president and CEO of the Council on CyberSecurity. “The controls are instrumental in defending against common cyber attacks and lay the foundation for effective defense against more sophisticated intrusions. But to be effective they must be implemented consistently across the entire enterprise."

However, when it comes to secure configuration of routers, firewalls and modems connected to their networks, only 47 percent of IT professionals said they were confident with their setups. And only 10 percent of security professionals were very confident in their patch management programs, which is a bit worrying considering how important they are to fundamental security controls.

"This survey clearly shows the disconnect between the executive branch and the IT branch and the false sense of security within a typical organization,” said Amar Singh, chair of ISACA UK SAG and founder of the Cyber Management Alliance. “This, in my opinion, false level of confidence may stem from several factors including the false belief that if no breach has been discovered 'we must be secure'."

Edited by Maurice Nagle

MSPToday Contributing Editor

Related Articles

10 Rules for Cities Thinking About Automated Vehicles

By: Special Guest    7/12/2019

Introducing autonomous vehicles to urban areas such as big cities and small towns is a serious step that requires a lot of prior planning.

Read More

Why Wireless Will Drive Industrial IoT

By: Special Guest    7/11/2019

IoT is catching on, but why hasn't it caught on farther, faster? My theory is that fixed wires are holding IoT prisoner in homes, offices, factories, …

Read More

IBM Acquires Red Hat for $34 Billion to Embark on Open Hybrid Cloud Future

By: Ken Briodagh    7/10/2019

IBM preserves Red Hat's independence and neutrality, Red Hat strengthens existing partnerships to give customers freedom, choice and flexibility. Toge…

Read More

Sensoneo Commercial Narrowband IoT US Deployment Powered by Twilio and T-Mobile

By: Ken Briodagh    7/9/2019

Smart Waste Management company leverages Twilio and T-Mobile Narrowband (NB-IoT) connectivity to optimize waste collection, demonstrating the future o…

Read More

ElasticSearch's Orvibo Leaks Billions of Records and Passwords

By: Chrissie Cluney    7/9/2019

A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, has leaked more than two billion user logs from …

Read More