A survey on information security priorities and challenges was conducted by EiQ Networks. Based on responses from 168 IT decision makers across industries, results point to lack of confidence in their security technologies and lack of the people, processes to implement it.
Lack of process was a top concern with 62% of IT pros noting they have either "no process" or a "partial process" in place to detect and respond to a security incident. Moreover, only 15% of companies surveyed believe their employees are "well prepared" to spot the signs of an attack and react accordingly.
72% of respondents stated that their IT infrastructure is "not well protected" and is vulnerable to APTs. However, 52% of companies surveyed say they have made it a "priority" to re-think their infrastructure to keep pace with APTs. The survey found that companies are using a variety of security technologies such as Traditional Firewall (86%); Anti-virus software (71%); IDS/IPS technologies (59%); Log management (58%); SIEM (44%).
Despite these technology deployments, only 27% of IT decision makers report they are truly "confident" that these technologies will work against a cyber-threat. 58% report they are "somewhat confident" in these technologies to effectively mitigate risk of security incidents and that they are still seeking alternatives.
Top areas of concern regarding IT security:
Respondents ranked the following priority security initiatives:
Company and brand reputation more at risk than financials:
Chairman, President and CEO of EiQ Networks Vijay Basani said, "Companies today have serious gaps in their security program, specifically the people, process and technology they need to protect their valuable customer and corporate data, and intellectual property. In today's heightened threat environment, companies need to adopt a multi-pronged comprehensive security program that addresses vulnerabilities related to people, process, technology and culture. We believe there is demonstrable benefit to implementing SANS Critical Security Controls that deliver pro-active and reactive security controls & continuous monitoring to identify, prevent and mitigate cyber-security risks."