Most organizations within the United States, United Kingdom and the German speaking countries in Europe are experiencing an alarming number of security breaches and exhibit a diverse range of exposures, indicating that gaps in existing security operations and defenses are widely apparent, according to an IDG survey of 1,600 senior IT security and technology purchase decision makers.
When ranked according to impact on a global basis, the health care sector was particularly affected by data leakage monitoring issues (60 percent) compared to other industries, with education scoring relatively high on four out of the six top threat areas compared to the other sectors.
Respondents in the health care sector across all three regions revealed themselves to be even more immature in personal mobile device security (65 percent) and endpoint compliance discovery and remediation (62 percent) compared to the cross-industry aggregate.
The education industry appeared to have more issues with virtual machine security (68 percent) and inventory management (65 percent) compared to industry aggregate.
While the financial industry appears to have seen fewer violations in the area of data leakage monitoring, it recorded slightly higher-than-average data leakage incidents compared to other industries, the report found.
Problem prevention is perceived to be more challenging today than two years ago by 49 percent of all organizations across all industry sectors with the average brought down by a slightly lower figure in the health care sector (45 percent).
Problem diagnosis (42 percent) and remediation (41 percent) were also deemed more difficult on aggregate though less so in the manufacturing sector, which attributed slightly more significance (42 percent) to problem identification, while finance saw problem remediation (48 percent) as a particular issue.
When asked to rank the efficacy of cyber-security policy definitions, technical controls and mitigation capabilities in place within their organizations, an average of 17 percent of respondents across all three regions and industry sectors rated the controls listed in the above graph at the highest level (81-100 percent) in any one given control among the 24 referenced in the survey.
Despite respondents across all three regions being generally optimistic about the levels of visibility and control they currently have into network and endpoint security, the top five areas within which they indicated either lower or no confidence centered on knowing devices on their network, maintaining appropriate defenses on devices, virtual machine configurations and remote devices not adhering to security policy.
“Our survey findings suggest that IT professionals are still discerning where to apply tool and control integration capabilities,” the report concluded.” Interoperability can better advance prevention, diagnosis and remediation capabilities, areas with greater perceived security management challenges, and overall can provide an opportunity for policy-based automation – all of which could free up staff time and resources for other tasks within the business.”