Study: Companies are not as secure as they think

CompTIA, the nonprofit association for the IT industry, has a warning for companies: You are likely less prepared than you think for defending against security threats.

In a recent survey of 1,000 IT professionals and companies, CompTIA found that more than 80 percent believed their current level of security was completely or mostly satisfactory. This high level of confidence was expressed despite the fact that only 13 percent of the respondents had made drastic changes to their security approach over the last two years.

During that time, many organizations have embraced cloud computing and bring-your-own-device practices and expanded their use of social media, all of which would require new technologies and policies to secure. Without such changes, a company's security is likely inadequate.

"Sometime in the past, they did a fairly thorough analysis of their security situation," Seth Robinson, director of technology analysis for CompTIA, said Monday. "But with the large technology changes that we're seeing today, that analysis may be a little bit stale."

For many companies, the focus remains on hacking and malware as persistent threats. Yet the landscape has changed dramatically with the rise of advanced persistent threats, denial-of-service and IPv6 attacks, and mobile malware.

The survey indicates that many companies need to step back and re-evaluate their security tactics, starting with the top level of the business and working down through all departments.

For the 11 years CompTIA has been doing the annual survey, employee mistakes have always been a major cause of security breaches. In the latest report, more than half of the respondents said human error has become a bigger problem over the last two years.

CompTIA believes the increase is likely due to employees' use of cloud services, such as Dropbox or Google Apps, as well as mobile devices and social media. In the majority of cases, employees do not realize that their behavior is risky or violates corporate policies.

While acknowledging that human error has become a greater threat, only one in five of the respondents in the CompTIA survey viewed it as a "serious concern."

This contradiction likely arises because most human error stems from ignorance in using new technologies, Robinson said. While companies know how to bolster security against malware, they have less experience in solving problems stemming from a lack of education.

"Companies need to think about security education differently than they have before, so it's taking some time for that to sort itself out," Robinson said.

Companies are also struggling to find security professionals with the skills to lock down emerging technologies, CompTIA found. The areas most lacking in talent included cloud and mobile security, data loss prevention and risk analysis.


Stories by Antone Gonsalves
