IT departments are short on time and security tools, and are under more threat than ever before, according to a new report.
In a study of 350 IT professionals in the UK, security management solution provider RedSeal Networks found that a significant number of professionals felt under-resourced, short on time, and subsequently were ignoring ‘critical' security vulnerabilities and fearing ‘massive' cyber attacks.
Approximately 30 percent of IT departments admitted to turning a blind eye to critical security vulnerabilities because they didn't have the time or tools to get the root to the root of the problem, while 28 percent pleaded for more sophisticated tools to manage the deluge of data. Another 41 percent of also said that they feared a major cyber attack against the UK's critical national infrastructure.
As such, a number of IT departments were unconvinced if their networks are secure, or even confident that they could pinpoint a cyber attack.
55 percent said that they cannot or do not know if they can truthfully assure the board that their networks are secure, while 51 percent said that they couldn't provide the board with key performance indicators to show if investment was sufficient in defending against hackers. A further 44 percent of companies admitted that they do not know or cannot answer if they are being hacked, because their systems are so overloaded with data.
“It's pretty clear that the majority of today's companies just don't have enough visibility into their networks and therefore don't know what needs protecting and what doesn't,” said Parveen Jain, CEO at RedSeal Networks, in a statement.
“We often see major corporations being attacked day in and day out, but since they don't have full understanding of their infrastructure security weaknesses and risk gaps, they don't know where and how to put up their defences.”
Jain continued that with a third of IT professionals feeling they are playing catch-up with cyber criminals, they are desperately struggling to protect network vulnerabilities.
“The cyber-criminal community knows that companies are overwhelmed with too much data and don't have the resources or tools to protect their most valuable assets, so they take advantage of the weak spots,” he added.
In response to the study, PA Consulting Group cyber security analyst Ed Savage said that the results owed a lot to “fear of the unknown” but said that IT departments often get basic security measures wrong.
“My line on this is that the reason companies are failing in the cyber world is that they can't get the basics right,” said Savage to SCMagazineUK.com, before citing the British Government's recently-released 10 steps guide.
“There remains too much focus that tools can solve what are often people, not technology, problems. It is people that don't get around to patching, or who don't control administrator rights.
On the issue of cyber attacks, Savage said that companies often don't like to talk about it, or spend too long on efforts defending against the attack itself rather than the continual stealing of data through things like APTs.
“No-one wants to admit its happening to them. They focus on the attack that takes five minutes, rather than making it hard to research or exfilitrate data from the system.”