IT Pros Lack Confidence in their Cyber Defenses Citing Risks in People, Process and Technology
According to EiQ Cyber risk survey 72% of companies 'not well prepared' for a data breach
"Reputation" more at risk than financials; 79% of companies lack Cyber Insurance
BOSTON, May 5, 2015 /PRNewswire/ -- EiQ Networks, a pioneer in continuous security intelligence, risk and compliance solutions, announced the results of its annual Security Monitoring and SIEM survey about information security priorities and challenges. Based on responses from 168 IT decision makers across industries, results point to lack of confidence in their security technologies and lack of the people, processes to implement it.
Lack of Process was a top concern with 62% of IT pros noting they have either "no process" or a "partial process" in place to detect and respond to a security incident. Moreover, only 15% of companies surveyed believe their employees are "well prepared" to spot the signs of an attack and react accordingly.
72% of respondents stated that their IT infrastructure is "not well protected" and is vulnerable to Advanced Persistent Threats (APTs). However, 52% of companies surveyed say they have made it a "priority" to re-think their infrastructure to keep pace with APTs.
Low Confidence in Technologies Deployed for Cyber-Protection
The survey found that companies are using a variety of security technologies such as Traditional Firewall (86%); Anti-virus software (71%); IDS/IPS technologies (59%); Log management (58%); SIEM (44%).
Despite these technology deployments, only 27% of IT decision makers report they are truly "confident" that these technologies will work against a cyber-threat. 58% report they are "somewhat confident" in these technologies to effectively mitigate risk of security incidents and that they are still seeking alternatives.
Key Takeaways:
- Company and brand reputation more at risk than financials:
- 68% of companies surveyed said their "reputation" is more at stake than their financials
- 19% said they could withstand a "small financial hit" while 13% said a cyber-attack would "devastate us financially"
- Top areas of concern regarding IT security:
- Respondents indicated that Network perimeter (23%), Endpoints (21%) and Web applications (14%) were areas of highest concern.
- Respondents ranked the following priority security initiatives:
- (1) Network monitoring, (2) Anti-virus software, (3) Data encryption, (4) An IT security professional, (5) Cyber insurance policy, (5) Provider of managed services.
"Companies today have serious gaps in their security program, specifically the people, process and technology they need to protect their valuable customer and corporate data, and intellectual property," said Vijay Basani, Chairman, President and CEO of EiQ Networks. "In today's heightened threat environment, companies need to adopt a multi-pronged comprehensive security program that addresses vulnerabilities related to people, process, technology and culture. We believe there is demonstrable benefit to implementing SANS Critical Security Controls that deliver pro-active and reactive security controls & continuous monitoring to identify, prevent and mitigate cyber-security risks."
Methodology:
Conducted between March 26, 2015, and April 10, 2015, the study reflects responses from 168 IT decision makers including senior management, security managers, directors, and network and systems engineers across industries including healthcare, government, financial services and retail, with breakouts for small and midsize enterprises.
Resources:
- Infographic: View an infographic illustrating these survey results.
About EiQ Networks:
EiQ Networks, a pioneer in continuous security intelligence and compliance solutions and services, is transforming how organizations identify threats, mitigate risks and enable compliance. EiQ's SOCVue, a security monitoring and managed log management SaaS offering, is helping Small to Medium enterprises implement a comprehensive security monitoring program to proactively detect incidents, implement security best practices, and receive timely remediation guidance at a fraction of the cost of doing it on their own. SecureVue®, a continuous security intelligence platform, provides a single console that enables a unified view of an organization's entire IT infrastructure for continuous security monitoring, critical security control assessment, configuration auditing, and compliance automation. For more information, visit: http://www.eiqnetworks.com.
PR Contact:
Mike Gallo
Gutenberg Communications for EiQ Networks
212-239-8594
[email protected]
SOURCE EiQ Networks
Share this article