Attacks/Breaches

1/18/2019
11:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Syncsort Survey Finds Disconnect Between Confidence in IT Security Programs and Data Breaches

Despite an Optimistic Security Outlook, 61 Percent of Organizations Report They Have Either Experienced a Security Breach or Aren't Sure

Pearl River, NY – January 10, 2019 -- Syncsort, the global leader in Big Iron to Big Data software, today announced results from a survey exploring companies’ top IT security investments and challenges. The survey revealed a sizable gap between confidence in security programs and their effectiveness

The survey of over 300 respondents found that while 85 percent of respondents are either very or somewhat confident in their organization’s security program, 41 percent said their company had experienced a security breach and 20 percent more were unsure.

The survey also uncovered several challenges and liabilities in security practices that contradict their high levels of confidence.

IT Infrastructure Knowledge and Security Investments Reveal Vulnerabilities Around Newer Data Sources

  • Respondents had firsthand knowledge of security for Windows servers (69%), followed by network infrastructure (54%).
  • In contrast, only seven percent were familiar with newer, but widely-adopted data storage options like Hadoop data lakes.

Cloud and Compliance Are Security Challenges

  • Twenty-eight percent of respondents named adoption of cloud services as their top security-related challenge, followed by growing complexity of regulations (20%) and insufficient IT security staffing (19%).
  • The regulation most respondents had to adhere to was GDPR (37%), followed by HIPAA and SOX (32% each).
  • Security (42%) and cloud computing (35%) are organizations’ top two IT priorities in the coming year.

Most Organizations Only Perform Security Audits Annually

  • Thirty-two percent of responding organizations only perform security audits annually, while 23 percent do so every three months and 19 percent every six months.
  • The most popular areas examined in audits include application security (72%), backup/disaster recovery processes (70%), network security (69%), antivirus programs and password policies (67% each).

Organizations Are Investing in Security, but Mostly Around Basic Measures

  • Almost half of respondents (46%) reported increased spending on security-related technology over the past three years. Thirty-five percent (each) developed or significantly updated a security program and increased spending to support cybersecurity initiatives.
  • The top three security investments include network firewall (69%), virus protection (66%) and malware protection (65%), while investments in newer approaches like data tokenization (18%) are starting to emerge.
  • In the coming year, 39 percent plan to invest in internal staffing and skills, while 23 percent plan to invest in intrusion prevention and 21 percent in patch management.

Data Breaches Are Common, and Most Organizations Don’t Meet Breach Response Metrics

  • Forty-one percent of organizations have experienced data breaches, while 39 percent have not, and 20 percent say they don’t know.
  • The most common type of breaches were virus/malware attacks (76%) and phishing (72%). Interestingly, virus attacks came from internal sources roughly half the time while phishing usually came from external sources (78%).
  • Fifty percent of breaches were identified in less than a day, while 26 percent were identified in less than a week.
  • Mean time to respond was the breach metric most often met (41%), followed by mean time to resolve (35%).
  • Following a breach, companies’ most common action was to increase training for IT staff (43%).

“The good news is most organizations are auditing their security systems,” said Terry Plath, Senior Vice President, Support and Services, Syncsort. “The bad news is more than two-thirds of audits are done by in-house staff – meaning they’re more likely to be biased – and only once per year. This may not be enough to keep up with the newer and more sophisticated approaches malicious hackers are constantly developing. The bottom line is that data security requires increased focus from IT organizations, particularly against the backdrop of increasing compliance regulations and emerging data rights.”

For more information on the study results, register for our webcast, “The State of IT Security for 2019: Results from Syncsort’s Security Survey.”

Methodology

Syncsort polled over 300 respondents, 78 percent of whom have more than 100 employees at their organization. Participants represented a range of industries including government & public safety, education, financial services and healthcare.

About Syncsort

Syncsort is the global leader in Big Iron to Big Data software. We organize data everywhere to keep the world working – the same data that powers machine learning, AI and predictive analytics. We use our decades of experience so that more than 7,000 customers, including 84 of the Fortune 100, can quickly extract value from their critical data anytime, anywhere. Our products provide a simple way to optimize, assure, integrate, and advance data, helping to solve for the present and prepare for the future. Learn more at syncsort.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.