Page 17 - index
P. 17
Is a False Sense of Security Putting Your Organization at Risk?
By Mav Turner, Director, Security, SolarWinds
Target, Home Depot, Sony and Jennifer Lawrence. Just a year ago, most would be hard-
pressed to think of a commonality between these besides the fact that they are all well-known
entities. Now, however, the answer is obvious—all have been victims of cyber-attacks resulting
in loss of sensitive information.
As security breaches persist in the headlines day after day, business leaders and the public at
large feel less confident about where their data is stored, how it is transmitted and what steps
companies are taking to ensure sensitive information is secure.
So, it may be perplexing to learn that a recent SolarWinds survey found that 84 percent of IT
th
professionals believe their organizations are “very secure”—that is they fall in at least the 30
percentile of the most secure organizations. Even more stunning is that 15 percent of those said
th
their organizations are in the top 10 percentile. In addition, 87 percent said they feel their IT
departments currently have sufficient resources to keep their organizations secure.
Where is this confidence stemming from? Increased budget, man-power and integration
between security and other IT processes and operations, such as network and system
administration, are likely driving it.
For example, 74 percent of those surveyed reported their departments’ security budgets
increased from last year to this year. Moreover, only 1 percent said their organizations do not
have at least one staff member responsible for security, and 97 percent said they have more
than one. This man-power could explain why 61 percent said they are able to test their defenses
at least monthly. Finally, 47 percent said their IT departments tightly integrate security and other
IT processes and operations, while all others reported at least some level of interaction
However, this begs an obvious question: Does this confidence indicate a false sense of security,
thereby increasing organizations’ risk and vulnerability, or are the measures organizations are
taking really that effective?
Unfortunately, the survey results indicate the former is more likely. For example, though nearly
30 percent of respondents do not believe their organizations are a target for an attack and
another 27 percent said they feel they are at low risk of a successful attack, 82 percent reported
their organizations have experienced a significant attack, with approximately one-third of those
reporting that it took at least one month to discover the attack. Furthermore, approximately one-
third also said it took at least one month to recover from the attack. Underscoring this is that
nearly 40 percent said their organizations either do not have defined security best practices or if
they have them, do not regularly follow them.
17 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
