Outpost24, an innovator in identifying and managing cyber-security exposure, announced the results of a survey conducted at Infosecurity Europe, which looked at the attitudes of 269 IT professionals and revealed that UK organisationstake a far more cautious approach to security than their US counterparts with 76% running security testing to understand their key assets and security exposure, in comparison to only 15% of US organisations.
The study also revealed that while 19% of UK respondents admitted that their organisation has at one time had to ignore a critical security incident because it didn’t have the skills or time to fix it, this was actually much better in comparison with US respondents. When Outpost24 carried out the same survey at RSA Conference in San Francisco in April 2018, an alarming 42% of IT professionals revealed they had ignored a security flaw they didn’t have the skills or time to address.
Respondents to the study were also asked what area of their IT estate they consider to be the least secure. This revealed 37% are most concerned about mobile devices, 35% are most concerned about their Internet of Things (IoT) devices, 8% said cloud infrastructure and applications, a further 8% said web applications while 7% said data assets databases and shares.
Owned infrastructure and data centres seem to cause the least concern, with only 5% saying they were least secure. These findings are also in stark contrast to Outpost24’s RSA study where survey respondents were most concerned about cloud infrastructure and applications (25%) and only 20% of respondents said they were most concerned about mobile devices, which is significantly lower than the results from Infosecurity Europe.
“Our study once again highlights that many security operations teams are struggling to keep up with the pace as which threats appear and increase in sophistication,” said Bob Egner, VP of products at Outpost24. “Unfortunately, in today’s threat landscape no attack is ever the same, cybercriminals are constantly evolving and updating their techniques in a bid to outsmart security teams and the products they use.”
“However, ignoring a critical security incident should never be an option as this is only asking for trouble. The US regularly tops the list of most attacked countries so security professionals should be taking this threat very seriously and doing all they can to minimise their attack surface.”
The survey also asked IT professionals if they believe they could hack into any organisations using one of four common attack techniques. 77% of respondents said they could, which is slightly higher than respondents to Outpost24’s RSA survey results where 71% of respondents answered affirmatively.
In terms of attack techniques, social engineering was the most popular choice, with 63% of respondents selecting this option. Only 19% said they would choose to hack an organisation via insecure mobile devices, 14% said via insecure web applications while only 4% said they would infiltrate an organisation via their public cloud.
“Our survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security teams with the skills and resources to keep up. Hackers understand there are key areas of technology which organisations will often overlook in terms of cyber-security and they will target these weaknesses first. A comprehensive security posture covers the full stack – network infrastructure, cloud environments, applications, mobile devices and even people,” continued Egner.
For more information on the study, click here