How IT is Fighting the Good Fight for Security Preparedness
May 18, 2016
Featured article by Mav Turner, Director, Business Strategy, SolarWinds
Security breaches made big news in 2015. It seemed that every week brought with it a new high-profile data breach from a trusted major company—from retail giants to health insurers, and even government agencies. For many organizations, this was a wakeup call to ensure their security procedures fully protect their networks, critical infrastructure and sensitive data. But are organizations really more prepared today?
It would seem so. A new survey found that IT is making headway when it comes to security preparedness. SolarWinds, in conjunction with Penton Research, conducted the survey, which found that, while challenges remain, organizations have made significant improvements in IT security preparedness and effectiveness. The survey yielded responses from 221 IT practitioners, managers, directors and executives in North America from small, midsize and enterprise companies.
Most surprisingly, 50 percent of those respondents said their organizations are less vulnerable now than they were a year ago, while only 12 percent said they are more vulnerable. On top of that, many have implemented new security solutions and technologies and better security training, and only 24 percent believe a security breach is likely in 2016.
This shows a shift from the fear of cyberattacks to the knowledge of what’s needed to effectively mitigate those risks. However, this does not mean IT professionals can rest on their laurels. There are still many challenges, and IT departments must stay vigilant to protect their organizations against ever-evolving threats.
Here’s a comprehensive overview of the report’s key findings:
While challenges to improving IT security remain, there is a trend towards better security preparedness and effectiveness.
– More than half (55 percent) of IT professionals surveyed said their organizations did not experience any security breaches in 2015, compared to 29 percent who did.
– 50 percent said their organizations are less vulnerable now than they were a year ago, compared to 12 percent who said they are more vulnerable. Furthermore:
– Nearly one-third (30 percent) said the number of IT security incidents their organizations experienced decreased in 2015 versus one-fifth (20 percent) who said they increased.
– More than one-third (36 percent) said their time to respond to a threat decreased in 2015 versus roughly a quarter (28 percent) who said it increased.
Approximately half or more said it typically takes mere minutes for their organizations to detect the following threats:
– SQL injection attacks (47 percent)
– Exploitation of known vulnerabilities (50 percent)
– Misuse/abuse of credentials (47 percent)
– Rogue network device (52 percent)
– Security policy violations (47 percent)
Organizations whose security posture improved over the past year found success by implementing a handful of vital security technologies and best practices.
Among those who said their organizations are now less vulnerable than they were a year ago, the top five reasons reported were:
1. Adoption of intrusion detection and prevention systems
2. Introduction or expanded use of data encryption
3. Improved patch management
4. Implementation of log analysis, such as security information and event management (SIEM) tools
5. Improved or increased security training for company personnel
– Endpoint security software topped the list of the most important technologies or practices for ensuring IT security, with 83 percent identifying it as critical or very important, followed by patch management software (75 percent) and identity and access management tools (71 percent) to round out the top three.
– More than half also identified configuration management software (60 percent) and SIEM software (54 percent) as critical or very important to ensuring IT security.
Despite these positive developments, IT departments must still be vigilant against the threat and consequences of security breaches.
– Of those whose organizations experienced a security breach in 2015, 52 percent said the breaches were of medium to major severity.
– Nearly three-quarters (72 percent) of the organizations breached in 2015 store customer data, with more than one-third (36 percent) of those storing data on at least 100,000 customers.
– While just a quarter (24 percent) expect their organizations to suffer from a security breach in 2016, three-fourths (75 percent) of them store customer data, including 45 percent that store customer social security numbers.
– The increasing sophistication of attacks is the number one factor most commonly thought to make an organization more vulnerable (28 percent).
In today’s fight against security threats, IT departments are gaining ground. By taking important steps in the implementation of security technology and employee training, many organizations are now more secure than ever. But while the results of the survey are a great sign that the industry is headed in the right direction, they’re also an important reminder that IT professionals must avoid becoming overconfident in their defenses.
The sophistication of attacks is increasing and evolving just as quickly as organizations are preparing. And with many organizations storing sensitive customer data, the stakes are just as high as ever. IT professionals need to continue taking the same steps that made them more secure this past year. The security landscape is constantly changing, and IT needs to be ready to continue to fight the good fight.