• Home
• News
  • Business Continuity News
  • Regional news
  • Sector news
  • Events Diary
  • Newsletters
  • Newsfeed
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Management
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• Resources
  • Webinars
  • BC software directory
  • Newsfeed
  • Twitter
  • Advanced BC information
  • Advanced ICT information
  • Basic BC information
  • Basic ICT information
  • How to advertise
  • About us
  • Contact us
  • Privacy
• Newsletters
• Training

WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

SolarWinds survey points to a false sense of security in UK organizations

A lack of widespread adherence to best practices, combined with the number of organizations that have suffered a significant cyber attack, potentially indicates a false sense of security.

SolarWinds has released the results of its Information Security Confidence Survey, which explored IT professionals’ confidence in their organizations’ security measures and processes. The survey found that while confidence is notably high, likely the result of several key factors, widespread adherence to security best practices is lacking and significant, damaging attacks continue: potentially indicating this confidence is a false sense of security.

“Organizations are taking positive steps toward improving their information security; most notably in terms of budget and resources,” said Mav Turner, director of security, SolarWinds. “It’s important, however, to never fall into the trap of over-confidence. IT pros should do everything they can to ensure the best defences possible, but never actually think they’ve done everything they can. This approach will ensure they are proactively taking all the steps necessary to truly protect their organizations’ infrastructures and sensitive data.”

Conducted in October 2014 in conjunction with Enterprise Management Associates, the survey yielded responses from 168 IT practitioners, managers, directors and executives in the UK from small and midsize enterprise companies.

“The survey brought out many interesting and disturbing trends,” said David Monahan, research director, risk and security management, Enterprise Management Associates. “The general over-confidence demonstrates why we are seeing more breaches. Much of this appears to come from the concept that compliance is equivalent to security. Knowing that all of the major retailers that have experienced breaches in the last year have been considered compliant, we know that is not true.”

Key survey findings:

• IT professionals are confident in their organizations’ security measures and processes. In fact, 76 percent of those surveyed said they consider their organizations to be very secure, falling within at least the 30th percentile of the most secure organizations, with 10 percent of those believing their organizations are in the top 10th percentile. In addition, 79 percent said their IT departments currently have sufficient resources to keep their organizations secure.
• Increased budget, man-power and integration between security and other IT processes and operations, such as network and system administration, are driving this confidence.
• Widespread adherence to security best practices is lacking and damaging attacks continue to plague organizations, potentially indicating that the high level of confidence is a false sense of security. Though 31 percent of respondents do not believe their organizations are a target for an attack and another 21 percent said they feel they are at low risk of a successful attack, 84 percent reported their organizations have experienced a significant attack, with 35 percent reporting that it took at least one month to discover the attack. Furthermore, 39 percent also said it took at least one month to recover from the attack (get the affected systems/applications back online/operating and the security hole mitigated). Underscoring this is that 39 percent said their organizations either do not have defined security best practices or if they have them, do not regularly follow them.

www.solarwinds.com

•Date: 26th November 2014 • World •Type: Article • Topic: ISM

Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.