Security Management Needs A Greater Focus

by CXOtoday News Desk    Jul 21, 2014

IT security

Despite a growing interest among enterprises to invest in IT security practices, a new study shows that network complexity, and the variety and velocity of threats continue to haunt security framework in an organization and there is a need to improve IT security management. Nearly 40 percent of IT organizations experienced more than two significant security incidents, says network security firm ForeScout in its 2014 Cyber Defence Maturity Report.

The report reveals that over 96 percent of organizations experienced a significant IT security incident in the past one year. Most frequent cited security issues include malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage. Forty percent CIOs also reported that security management tasks are more challenging now than two years ago; specifically problem prevention, diagnosis, identification and remediation.

The majority of these entities are aware that some of their security measures are inadequate or ineffective. According to the CSO or CIOs, control practices that are relatively immature include personal mobile device usage, perimeter threats, inventory management and endpoint compliance, virtualization security, rogue device and application security.  However, nearly half of them have the confidence to improve their security controls in the coming months.

Moreover, two third of the respondents cited low confidence on network device intelligence, maintaining configuration standards and defenses on devices, and ensuring virtual machine and remote devices adhere to policy.

Malware and APT attacks were rated as a top priority across all industries and regions, yet it appears that there is lower likelihood of investing further resources to reduce perimeter threats. 

Manufacturing, education and finance sectors in general appear more prone to phishing attacks while the healthcare sector was more likely to experience higher than average compliance policy violations. Financial institutions were in fact subject to greater incidents caused by phishing attacks, compliance policy violations, unsanctioned application use, and data leakage, and overall found problem remediation more challenging compared to other sectors.

While confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful, says the study. That’s because organizations do not know where they stand and where they are going without a baseline.

Nevertheless, the top five security technologies perceived to have the greatest interoperability value were firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD) as companies are likely to invest in these areas in the next 1-2 years, which in turn will have an impact on their overall security management practices.