While 80 percent of organizations experienced a security incident in 2015, 71 percent of IT professionals expect their organizations to be more secure in 2016, according to a Spiceworks survey of 197 IT professionals.
When asked how they plan to invest in more advanced solutions, 36 percent of IT pros expect to increase their investment in intrusion detection, 24 percent expect to increase investment in penetration testing and 22 percent expect to increase investment in advanced threat protection.
"It's surprising to see the gap between the security threats feared by IT pros and the attacks they actually experienced this year, particularly when it comes to ransomware," Peter Tsai, IT analyst at Spiceworks, told eWEEK. "While 20 percent of IT pro respondents actually experienced a ransomware attack in 2015, more than half indicated that it was a top concern. Our theory is that steady news coverage, the hostile nature of the malware and numerous anecdotes of ransomware horror stories could be elevating the fear of this relatively new threat."
Among the hurdles businesses face, Tsai said, is putting in place a truly effective IT security strategy, which requires companies to adopt a holistic approach covering technology, people and processes.
"This requires the participation of every single person in an organization, even those who aren't tech savvy," he explained. "Therefore, one of the biggest hurdles is educating end users on security dangers and convincing them of the need to take precautions. Additionally, many IT departments lack the budget needed to invest in security solutions or manpower to dedicate the countless hours required to properly secure networks and keep up with the latest threats."
To protect end users from breaches on various devices in the workplace, 73 percent of IT pros are enforcing end-user security policies and 72 percent are regularly educating their employees on topics such as how to avoid malware and how to spot phishing scams.
"Many IT departments now support multiple devices per employee. These connected PCs, smartphones, tablets, wearable and Internet of things devices increase an organization's potential attack surface and give IT departments more to worry about, especially if devices have access to company data," Tsai said. "IT professionals need to be extra careful to restrict access to networks and sensitive information and develop strategies for tracking, patching and managing company-owned devices."
They also need a solid plan to handle employee-owned devices that come into the workplace, such as keeping them on a completely separate guest network, he noted.