Three-quarters of respondents in a recent survey show a startling lack of confidence in the efficacy of security solutions.
According to Tripwire’s polling of information security professionals, a full 75% of respondents did not believe that buying every security tool available on the market would enable them to fully protect their organizations.
Tripwire’s survey also found that nearly half of respondents (46%) had purchased security tools that failed to meet their organization’s needs.
“New tools and technologies enter the information security market all the time, but it’s clear that many of them simply don’t meet the needs of the market,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Focusing on the basics that have been demonstrated to work may not make headlines, but it does make sense.”
He added, “Very often, the biggest bang for the security buck is making sure foundational security controls are in place. The fundamentals of finding and patching vulnerabilities, making sure systems are securely configured and monitoring your systems for change go a long way in maintaining a strong security posture.”
The findings also suggested that the larger the company, the less confident employees were about cybersecurity tools fully protecting their organizations. For organizations with fewer than 1,000 employees, only 32% felt they would be fully protected if they had invested in all the available security tools. This decreases by more than half with businesses 1,000 to 5,000 employees (19%) and even further with businesses that have more than 5,000 employees (15%).
Recent events have shown that basic security controls can effectively protect organizations, even without the help of some of the latest tools on the market. The scale of attacks such as Heartbleed, WannaCry, and now Petya have been attributed to organizations using outdated and unpatched systems, rather than a lack of appropriate defensive tools.
“These high-profile attacks have highlighted that paying attention to basic security hygiene and ensuring foundational controls are in place can effectively fend off damaging attacks,” the company said in its findings.