IT Security Improving, but Don’t Press Your Luck on Friday the 13th

Security professionals should not worry about Friday the 13th. Things will likely be OK, as long as they don’t stray from best practices.

While 55 percent of respondents said their organizations did not experience a security breach in 2015, 29 percent did. In summary, we’ve come a long way, but challenges to improving IT security remain.

IT is fighting the good fight: 50 percent of respondents said their organizations are less vulnerable now than they were a year ago, compared to just 12 percent who said they are more vulnerable.

Organizations whose security position improved over the past year found success by implementing a handful of vital security technologies and best practices, including the adoption of intrusion detection and prevention systems; improved patch management; implementation of log analysis, such as security information and event management (SIEM) tools; and improved or increased security training for company personnel.

Endpoint security software topped the list of the most important technologies or practices for ensuring IT security, with 83 percent of respondents identifying it as critical or very important, followed by patch management software (75 percent) and identity and access management tools (71 percent) to round out the top three. In addition, more than half of respondents also identified configuration management software (60 percent) and SIEM software (54 percent) as critical or very important tools.

Despite these positive steps forward for IT security, IT departments still must be mindful of the threat and consequences of security breaches. For instance, of those whose organizations experienced a security breach in 2015, 52 percent said the breaches were of medium to high severity.

Although more organizations are protecting themselves against breaches, the increasing sophistication of attacks is the factor most commonly thought to make an organization more vulnerable, according to the survey.

While approximately one-quarter (24 percent) of respondents said they expect their organizations to suffer from a security breach in 2016, 76 percent of them store customer data, including 46 percent that store customer social security numbers, proving that, for many, the risks and potential damage associated with cyber-attacks are high.