UK IT professionals are better at handling security vulnerabilities
A survey was conducted by Outpost24 to identify the managing of cyber-security exposure. This survey was conducted at Infosecurity and around 250 plus IT professionals were present for the event. The study found that UK organization is proactive when it comes to security compared to their US counterparts. Most of the organizations in the UK run security testing to better understand their security exposure and assets, which in the US is only below 20 percent.
No doubt that at one point the UK companies had to ignore security issues because they did not have enough skills and know-how to fix it. The situation is much better if you compare it with the US boys. When this survey report was shared at the RSA conference, SF on April 2018, a mammoth 40 percent of the IT professionals revealed that they have ignored security issues, because they didn’t know how to fix it.
Respondent was also asked to state which IT area they feel is less secure, and interestingly 40 percent of them said ‘they are worried about the mobile device. Another 40 percent stated about IoT devices, rest claimed cloud and database assets as vulnerable.’
Data center and owned infrastructure least figured in their list of IT security, and hardly 5 percent talked about it according to the survey. The alarming thing to be noted was the sharp contrast with the earlier survey, where respondents were 20 percent for infrastructure and 25 percent of mobile device security. But, now more people were to ensure security for mobile devices.
Bob Egner, VP of products at Outpost24 said “Our study once again highlights that many security operations teams are struggling to keep up with the pace at which threats appear and increase in sophistication,” said. “Unfortunately, in today’s threat landscape no attack is ever the same, cybercriminals are constantly evolving and updating their techniques in a bid to outsmart security teams and the products they use.”
“However, ignoring a critical security incident should never be an option as this is only asking for trouble. The US regularly tops the list of most attacked countries, so security professionals should be taking this threat very seriously and doing all they can to minimize their attack surface.”
Egner further stated that “Our survey results suggest that businesses are adding technology as a key element of their strategy, but not preparing their security teams with the skills and resources to keep up. Hackers understand there are key areas of technology, which organizations will often overlook in terms of cyber-security and they will target these weaknesses first. A comprehensive security posture covers the full stack – network infrastructure, cloud environments, applications, mobile devices and even people.
The survey also emphasized the need for IT professionals to know if they can hack into any organization using four common attack techniques. Nearly everybody said they could, which was again on the higher side compared to the previous survey by Outpost24. 60 percent preferred social engineering as the popular choice of attack techniques. 20 percent respondents said they prefer insecure mobile device and 15 percent would use insecure web applications. Hardly 5 percent would hack using the public cloud.
Julia Sowells703 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.