Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Report: Businesses Need a More "Proactive" Security Stance

By - Source: Toms IT Pro
Tags :

A new CompTIA security survey shows businesses need to stop planning for the last attacks and be ready to deal with the next one.

Source: CompTIA Insight & Tools publication \Source: CompTIA Insight & Tools publication "CompTIA Buying Guide to IT Security 2017"CompTIA recently released some fascinating security information and survey results. The report reflects online responses from IT professionals at some 350 businesses gathered in April, May and October of 2016.
MORE: Best Antivirus Software for Business
Here are some riveting factoids from the materials that CompTIA has made publicly available:

  • Cyber security remains a paramount concern at businesses. In April, 92 percent of respondents believed that security is more important then than it was 2 years earlier. Nearly half (44 percent) agreed that the importance of security was "significantly higher" when that survey was conducted.
  • The potential for breach is high enough to be worrisome. Some 73 percent of organizations polled in a May reported at least one security breach in the past year, with 60 percent of such breaches categorized as "serious." Mobile-related security incidents, including lost devices, mobile malware and phishing attacks, or staff disabling security features – was higher still, at 76 percent of respondents in 12 countries.
  • Threats are increasing in number and cost, as shown in the infographic from McAfee Labs 2017 Threats Predictions Report (November 2016). Please note that malware and viruses feature only in a subset of the elements presented, and that the spectrum of threats is broad, deep, and troubling.
  • Root causes of system glitches are many, and include system glitches (25 percent), malicious or criminal attacks (48 percent), and human error (27 percent) as quoted from the Ponemon Institute's 2016 Cost of Data Breach Study (June 2016).
  • Shifts in IT security strategy include a move from perimeter-based security holistic security that involves new tools, overarching policies, business processes and end-user education, a decreased focus on security threat prevention and more focus on detection with an emphasis on finding and resolving anomalies, and finally a change from a defensive IT security strategy to an offensive one that proactively audits and tests security for faults to offset risks and perform due diligence.
  • The four pillars of a strong IT security strategy include the following elements: policy that sets AUP for system use, confidential data, email mobile devices, passwords, and incident response; process, which defines IT processes for analyzing risk, managing compliance, and evaluating cloud providers; products, which include tools beyond firewall and antivirus, such as data loss prevention and identity and access management; and people, which involves training users to make sure they understand and employ best security practices and behaviors.
  • Factors that drive a revised and expanded, proactive approach to cyber security include changes in IT operations, reports of security breaches (internal and external), knowledge gained from training, plus management and business changes.

Seth Robinson, CompTIA's senior director of technology analysis, said of today's security threat landscape that "Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated, but a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them." He also said of viruses and malware that "While we certainly need to remain vigilant about these threats, many other forms of attack have emerged that can carry disastrous consequences." The upshot of his remarks is a spot-on admonition for organizations to develop a "proactive" security posture that includes strong elements of detection and response to threats along with strong cyber defenses.

IT professionals would do well to make sure they understand the new tools and technologies that CompTIA highlights. These include data loss prevention (DLP), identity and access management (IAM), and enterprise security intelligence (ESI). Those same people should also do what they can to make themselves aware of the threats looming on their own security landscapes, particularly as they touch on their home industry niches, vertical markets, customer and partner bases, and so forth. The report is intended to function as a wake-up call. It does a pretty good job, at that.