77 percent of executives ‘confident’ in basic security controls

Twenty-seven percent of IT professionals ‘not confident’ in the secure configuration of network devices.

  • Thursday, 13th November 2014 Posted 11 years ago in by Phil Alsop

Tripwire, Inc. has announced the results of an extensive survey conducted by Atomik Research on the state of foundational security controls. The survey respondents included 404 IT professionals and 302 executives from retail, energy and financial services organizations in the U.S. and U.K.


Respondents were asked about the level of confidence they have in their application of foundational security controls, including hardware and software inventory, vulnerability management, patch management and system hardening. These controls are required by the most widely recognized global security standards and organizations, including:
• The PCI Data Security Standard (PCI DSS)
• North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
• National Institute of Standards and Technology (NIST)
• The Sarbanes-Oxley Act (SOX)
• The Health Insurance Portability and Accountability Act (HIPAA)
• Control Objectives for Information and Related Technology (COBIT)
• ?International Organization for Standardization (ISO)

According to a report by the United States Computer Emergency Readiness Team (US-CERT), 96 percent of successful data breaches could be avoided if simple or intermediate security controls were put in place. Tripwire’s survey found that 77 percent of all respondents felt “confident” in their implementation of these basic security controls. However, despite the ongoing increase in targeted cyberattacks, 27 percent of IT professionals remain “not confident” in the secure configuration of common devices connected to their network.


Key survey findings included:
• Over 100 million records have been comprised in retail data breaches in the last 12 months as a result of malware on point of sale devices, but 77 percent of retail IT professionals are “confident” that all of the devices on their network are running only authorized software.
• Despite an ICS-CERT warning regarding an ongoing, sophisticated malware campaign targeting ICS systems, 89 percent of executives from the energy industry are “very confident” or “fairly confident” in their vulnerability management program.
• Only 10 percent of security professionals are “very confident” in their patch management program.
• Only 47 percent of IT professionals are “confident” in the secure configuration of routers, firewalls and modems connected to their network.
 

Qlik widens its alliances, enhancing partner capabilities to streamline access to its data...
Financial services are leveraging AI for security but face visibility and complexity challenges in...
Marketplacer has integrated with Snowflake’s Marketplace Capability Delivery (MCD) Program,...
AnywhereNow has introduced Dialogue Cloud Neo, an omnichannel contact centre platform for...
Arrow Electronics has received Veeam’s 2026 EMEA Aggregator of the Year award, recognising its...
Qualcomm Incorporated has announced an agreement to acquire Modular, aiming to strengthen its...
Wasabi Technologies launches the Wasabi Impact Circle, helping partners track and mitigate carbon...
Commvault and Microsoft forge a new alliance to strengthen AI and cyber resilience for enterprises...