New Security Survey Finds Differing Confidence Levels Surrounding Basic Controls

By Laura Stotler

The vast majority of IT professionals and executives are confident in their organization’s implementation of basic foundational security controls, according to a new survey. But in a more disturbing finding, less than half of those queried are confident in the secure configuration of common devices connected to their network, even though targeted cyber attacks are on the rise.

The survey was conducted by Atomik Research in conjunction with Tripwire, a provider of advanced threat, security and compliance solutions. Findings centered on the confidence levels of those queried related to the security of their own networks and associated devices. And despite more than 100 million records being compromised in retail data breaches over the past year, 77 percent of retail IT workers were confident all the devices on their networks were running only authorized software.

A whopping 89 percent of executives in the energy industry were fairly confident or very confident in their vulnerability management programs, even though warnings have been issued concerning a sophisticated malware campaign targeting incident command systems (ICS).

"It's not surprising that IT and security professionals have confidence in foundational security controls,” said Jane Holl Lute, president and CEO of the Council on CyberSecurity. “The controls are instrumental in defending against common cyber attacks and lay the foundation for effective defense against more sophisticated intrusions. But to be effective they must be implemented consistently across the entire enterprise."

However, when it comes to secure configuration of routers, firewalls and modems connected to their networks, only 47 percent of IT professionals said they were confident with their setups. And only 10 percent of security professionals were very confident in their patch management programs, which is a bit worrying considering how important they are to fundamental security controls.

"This survey clearly shows the disconnect between the executive branch and the IT branch and the false sense of security within a typical organization,” said Amar Singh, chair of ISACA UK SAG and founder of the Cyber Management Alliance. “This, in my opinion, false level of confidence may stem from several factors including the false belief that if no breach has been discovered 'we must be secure'."

Edited by Maurice Nagle

MSPToday Contributing Editor

Related Articles

US Ignite & ATIS Complete Phase One of Smart Cities Data Exchange Framework

By: Ken Briodagh    4/24/2019

New consortium of industry partners includes: AT&T, C Spire, Cisco, Fujitsu, Current by GE, iconectiv, Interdigital, Microsoft, Oracle, Qualcomm, Veri…

Read More

IoT Evolution Expo 2020: The Thinking IoT Arrives

By: TMCnet News    4/24/2019

The industry's longest running event launches a new theme for Florida event focused on implementing the Thinking IoT to move businesses into the new c…

Read More

RealTerm Energy Launches MyTown, a New Smart City Solution Designed for Smaller Municipalities

By: Ken Briodagh    4/23/2019

RealTerm Energy recently launched MyTown, a new smart city app and asset management platform made specifically for small and medium-sized municipaliti…

Read More

Ericsson and Swisscom Team Up on European Commercial 5G

By: Ken Briodagh    4/18/2019

Swisscom consumers will have commercial 5G services in 54 cities and communities across Switzerland, enabled by Ericsson's 5G network features

Read More