A third of organisations experienced more than two “significant” security incidents in the past year.
The survey of 1,600 IT information security decision makers in organisations of more than 500 employees, conducted by ForeScout, found that while the majority of IT organisations were aware that some of their security measures were immature or ineffective, only 33 per cent had high confidence that their organisations would improve their less mature security controls.
Also on aggregate, one in six organisations had five or more significant security incidents in the past 12 months. While confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful.
Jan Hof, director of international marketing at ForeScout, told IT Security Guru that 50 per cent of respondents felt confident with their threat management. “Users need more in place to make the likelihood of suffering an incident as little as possible and identify as much as possible and share intelligence with your partners to minimise the impact.”
The survey found that 61 per cent cited “low to no” confidence on network device intelligence, maintaining configuration standards and defences on devices, and ensuring virtual machine and remote devices adhere to policy. Hof said that now everything goes behind the firewall, everything has changed and now it was about IT trying to be more efficient.
“There is an explosion on devices and they will grow more and more, so there is a need for real time visibility, and that will continue to happen every year,” he said. “We can all look deeper for the problem if we all share, then we can work together. We say if you cannot see, you cannot secure.”
More than three-quarters (78 per cent) of respondents cited BYOD as having an impact on governance, risk and compliance. Scott Gordon, chief marketing officer at ForeScout, said that this was why network access control was one of the main drivers of BYOD, as often it is a violation of policy or a prevalent issue.