New Security Survey Finds Differing Confidence Levels Surrounding Basic Controls

By Laura Stotler

The vast majority of IT professionals and executives are confident in their organization’s implementation of basic foundational security controls, according to a new survey. But in a more disturbing finding, less than half of those queried are confident in the secure configuration of common devices connected to their network, even though targeted cyber attacks are on the rise.

The survey was conducted by Atomik Research in conjunction with Tripwire, a provider of advanced threat, security and compliance solutions. Findings centered on the confidence levels of those queried related to the security of their own networks and associated devices. And despite more than 100 million records being compromised in retail data breaches over the past year, 77 percent of retail IT workers were confident all the devices on their networks were running only authorized software.

A whopping 89 percent of executives in the energy industry were fairly confident or very confident in their vulnerability management programs, even though warnings have been issued concerning a sophisticated malware campaign targeting incident command systems (ICS).

"It's not surprising that IT and security professionals have confidence in foundational security controls,” said Jane Holl Lute, president and CEO of the Council on CyberSecurity. “The controls are instrumental in defending against common cyber attacks and lay the foundation for effective defense against more sophisticated intrusions. But to be effective they must be implemented consistently across the entire enterprise."

However, when it comes to secure configuration of routers, firewalls and modems connected to their networks, only 47 percent of IT professionals said they were confident with their setups. And only 10 percent of security professionals were very confident in their patch management programs, which is a bit worrying considering how important they are to fundamental security controls.

"This survey clearly shows the disconnect between the executive branch and the IT branch and the false sense of security within a typical organization,” said Amar Singh, chair of ISACA UK SAG and founder of the Cyber Management Alliance. “This, in my opinion, false level of confidence may stem from several factors including the false belief that if no breach has been discovered 'we must be secure'."

Edited by Maurice Nagle

MSPToday Contributing Editor

Related Articles

UCaaS provider to MSPs Cytracom Gets Major Investment to Drive Growth

By: Erik Linask    2/28/2020

Cytracom, which provides UCaaS solutions to MSPs and has just gotten a majority investment from Sverica Capital Management to drive growth.

Read More

Key Considerations Before Using Managed Network Services for IoT

By: Special Guest    2/24/2020

While the benefits of IoT managed services are easily identifiable, they don't override the major concerns that are often less tangible.

Read More

Gordon Flesch to Acquire ITP and Create Large Midwest MSP

By: Laura Stotler    2/24/2020

MSP Information Technology Professionals (ITP) will be acquired by Gordon Flesch Company to create one of the largest MSPs in the Midwest. The combine…

Read More

MDR Provider for MSPs Huntress Tracks Down $18 Million Funding Round

By: Laura Stotler    2/21/2020

Huntress, a company that provides SaaS managed detection and response (MDR) solutions for MSPs and VARs to deliver to SMBs, has scored an $18 million …

Read More

Pax8 and Novacoast Announce Security Operations Center Strategic Partnership at ITEXPO

By: Arti Loftus    2/21/2020

With all its benefits, cloud hosting, storage, and computing are increasingly vulnerable to cyber threats, and at ITEXPO this week in Ft. Lauderdale, …

Read More