Information Technology is a key ingredient that drives a business. With the increase use of information technology in organizations, there is a growing need for adequate cyber defense techniques. Approach towards business security on a periodic basis is an important, yet commonly ignored step. This is because; administrators believe that the security policy still matches well with the organization’s needs. Such approach to security gives rise to various security issues in an organization.
A recent 2014 Cyber Defense Maturity Report, which was conducted by IDG Connect revealed that more than 96 percent of organizations have experienced a significant IT security incident in the past year. Survey respondents included 1,600 IT information security decision makers in organizations with more than 500 employees and spanning five industries in the U.S. and Europe. As per the report, more than 43 percent respondents perceive problem prevention, identification and diagnosis as more challenging than two years ago. The report also revealed that one in six organizations had five or more significant security incidents in the past 12 months.
According to the report, most frequently seen security issues were from malware and advanced persistent threats, application and wireless security issues, network resource access problem, unsanctioned application, use of personal mobile device and data leakage. Along with this, phishing, compliance policy violations and unauthorized data access are additional reasons why organizations fall prey to attacks.
Security incidents recorded in manufacturing, education and finance sectors in general appear more prone to phishing attacks. Healthcare industry was more affected by data leakage monitoring issues, especially in the UK. On the other hand, financial institutions saw more incidents caused by phishing attacks, compliance policy violations, unsanctioned application use, and data leakage. These institutions overall found more challenging to solve the issues compared to other sectors.
However, more than half of respondents said that their organizations do not invest in the necessary skilled personnel and technologies to successfully fulfill its security mission. With regards to policy definition, technical controls and mitigation capabilities, the education sector appears the least mature while the financial sector appears the most mature.
The top five security technologies perceived to have the greatest interoperability value were firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD).
The report also reveals that ‘network complexity, exposure diversity and threat velocity’ are making security operations far more challenging than they were a few years ago. As a result, prevention, diagnosis, identification and remediation, over-monitoring and documentation have become extremely difficult. Scott Gordon, chief marketing officer at Forescout says that the independent research clearly validates the need for continuous monitoring, intelligence and mitigation capabilities for better security management in an organization. The complete 2014 Cyber Defense Maturity Report offers more extensive data.