The survey, carried out with IT decision makers (ITDMs) in organisations of 50 or more employees, reveals a lack of protection against increasingly sophisticated security risks. As many as three-quarters (75%) have no DDoS protection in place or Unified Threat Management, rendering them at a disadvantage when attempting to identify, analyse and action threats. In fact, almost half (46%) lack firewalling security measures.
The consequences of inadequate threat management and lack of visibility into the network could have far-reaching consequences. Only a quarter of ITDMs are very confident they could handle malicious attacks, information leakages or a system compromise, and a significant 83% say their organisation couldn’t survive longer than 24 hours without its critical infrastructure.
This is despite security being cited as the top IT infrastructure concern for IT decision makers and also the number one priority for extra spend if budget is made available, above upgrading IT infrastructure, moving to the Cloud, application development and investing in skills and people.
The full research is covered in a new Node4 IT industry report, launched today IT Security: the evolving threat landscape. It presents comprehensive insight into current security concerns, the approaches IT decision makers are taking to protect their organisations and, critically, how they can shape IT security strategies to mitigate against cybercrime.
“Trends such as big data, cloud migration and system complexity are driving an increase in the number of potential attack vectors. The result is a big rise in the volume, complexity and intensity of attacks on businesses,” comments Steve Nice, Security Technologist, Node4. “Reports of high-profile casualties are commonplace, but the threat landscape isn’t one that is only relevant for large enterprises; it’s a critical issue for every organisation. Today, every organisation must assume it is a target.
“While ITDMs may feel reasonably confident about their security approaches, our research reveals a lack of sophistication, with too much reliance on ‘traditional’ solutions. New threats need to be met with new approaches and that means ensuring security strategies that can protect in today’s increasingly heterogeneous enterprise infrastructures, with single view security systems and security incident and event management (SIEM) systems for complete visibility and control.”