IT chiefs have a deep lack of confidence in their security technologies—and suffer a lack of the people and processes to implement new ones.
Lack of process was a top concern with 62% of IT pros in a recent survey from EiQ Networks. They said that they have either “no process” or a “partial process” in place to detect and respond to a security incident. Moreover, only 15% of companies surveyed believe their employees are “well prepared” to spot the signs of an attack and react accordingly.
Seventy-two percent of respondents stated that their IT infrastructure is “not well protected” and is vulnerable to advanced persistent threats (APTs). However, 52% of companies surveyed say they have made it a priority to re-think their infrastructure to keep pace with APTs.
The survey also found that companies are using a variety of security technologies such as traditional firewall (86%); anti-virus software (71%); IDS/IPS technologies (59%); log management (58%); and SIEM (44%).
Despite these technology deployments, only 27% of IT decision makers report they are truly confident that these technologies will work against a cyber-threat. Fifty-eight percent report they are “somewhat confident” in their technologies to effectively mitigate risk of security incidents and that they are still seeking alternatives.
When it came to top areas of concern regarding IT security, respondents indicated that network perimeter (23%), endpoints (21%) and web applications (14%) were areas of highest concern. Priority security initiatives to spend money on were network monitoring, anti-virus software, data encryption, an IT security professional, cyber-insurance policy, and a provider of managed services.
“Companies today have serious gaps in their security program, specifically the people, process and technology they need to protect their valuable customer and corporate data, and intellectual property,” said Vijay Basani, chairman, president and CEO of EiQ Networks. “In today’s heightened threat environment, companies need to adopt a multi-pronged comprehensive security program that addresses vulnerabilities related to people, process, technology and culture.”