Press Release: Over 40 percent of IT professionals ignore critical security issues they can’t fix
Outpost24 survey reveals security professionals have least confidence in the security of the cloud infrastructure and most confidence in their owned infrastructure and data centres
Naperville, IL – May 10, 2018
Outpost24, a leading provider of Vulnerability Management solutions for commercial and government organizations, today announced the results of a survey of 155 IT professionals, which revealed that 42 percent ignore critical security issues when they don’t know how to fix them (16 percent) or don’t have the time to address them (26 percent).
The survey, which was carried out at the RSA Conference in April 2018, also asked respondents what area of their IT estate consider to be the least secure. This revealed 25 percent are most concerned about their cloud infrastructure and applications, 23 percent are most concerned about their IoT devices, 20 percent said their mobile devices, 15 percent said their web applications, while 13 percent were most concerned about their data assets, databases and shares. Owned infrastructure and data centres seems to cause the least concern, with only 5 percent saying they were least secure.
Additionally, when survey respondents were asked how quickly their company remediates known vulnerabilities, 16 percent stated they review their security at a set time every month, seven percent said they do it every quarter, however a worrying five percent said they only carry out assessments and apply fixes once or twice a year. Only 47 percent of organizations patch known vulnerabilities as soon as they are discovered.
“The trend lines have already been drawn, and we can see from the survey results that they are not improving,” said Bob Egner, VP at Outpost24. “Survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security organizations with the skills and resources to keep up. It’s vital that organizations have full awareness of all assets that the business relies on, and that they are constantly tuning for the lowest possible level of cyber security exposure.”
Respondents were also asked if security testing is conducted on their enterprises systems, which revealed that seven percent fail to conduct any security testing whatsoever, however, reassuringly, 79 percent of respondents said they do carry out testing. Respondents were also asked if their organization had hired the services of penetration testers and 68 percent revealed they had. The study also found that of those organizations that had hired penetration testers, 46 percent had uncovered critical issues that could have put their business at risk.
Egner added: “Outsourcing services like penetration testing can be an excellent way to get a holistic overview of the cyber security exposure across all an organization’s assets as well as expose threats within systems that may well have gone unnoticed. To maximize the value of testing investment, remediation action should be taken as close to the time of testing as possible. With the proliferation of connected technologies, the knowledge and resource gap continue to be key challenges. Security staff can easily become overwhelmed and lose focus on the remediation that can be most impactful to the business.”
For more insights into the study, download the full RSA survey report.
Outpost24 is a leading Vulnerability Management company focused on enabling its customers to achieve maximum value from their evolving technology investments. By delivering insights that reduce vulnerabilities and attack surface for any architecture, Outpost24 customers continuously improve their security posture with low effort. Over 2,000 customers in more than 40 countries around the world trust Outpost24 to inspect their devices, networks, and web applications and report compliance status to government, industry sector, or internal regulations. Founded in 2001, Outpost24 serves leading organizations across a wide range of segments including financial and insurance, government, healthcare, retail, telecommunications, technology, and manufacturing.