While most IT organizations are resigned to the fact that they will experience a significant security incident in the next three years, the vast majority are unprepared to deal with its consequences.
Those are the findings of a recent survey of 200 IT security professionals conducted by Trusted Strategies on behalf of Solera Networks, a provider of a network forensics appliance.
The survey finds that 82 percent of those surveyed expect to have a significant security issue in the next three years, but 52 percent admitted that their organization is not ready to handle such an issue. And 35 percent said they currently lack an up-to-date security response plan. Worse yet, 64 percent said they lack the tools to determine the full scope of a security incident, and 20 percent said it would be impossible to determine the full scope of such an incident.
Pete Schlampp, vice president of marketing and product management for Solera Networks, says that as the security landscape gets more threatening and complex to manage, most IT organizations are poorly equipped to deal with such threats.
In fact, the major concern for IT organizations seems to be actual systems outages and the length of time it takes to recover a system if it crashes. This suggests, says Schlampp, that some IT organizations might be too focused on parochial concerns rather than on how the malware on their system might actually be affecting the business, especially when it comes to theft of data.
Obviously, the convergence of security and IT operations is critically important. But the real challenge, says Schlampp, is first accepting the fact that some sort of security incident is going to happen and then putting in place a holistic approach to managing the problem that not only discovers all the IT issues at hand, but also all the potential ramifications that breach could have on the business. Only then will IT organizations really be pursuing a true risk-based approach to security management.
Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ... More >>
While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ... More >>
Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ... More >>