From the perspective of IT professionals, businesses still aren’t doing enough to secure their sensitive data and frequently make the same security mistakes that leave them open to a breach, according to a new report from Trustwave.
Trustwave surveyed 476 information technology and security professionals across the globe for its 2014 State of Risk Report from Trustwave to gain insight into the most significant threats facing businesses, as well as how they can improve their security stance.
And in many cases, the biggest threat facing businesses may be their own lack of attention to the problem at the executive level.
“It really starts from the top down,” said Phil Smith, Trustwave’s senior vice president for government solutions and special investigations. “If the board and the executive team really have security on their minds, that will drive it throughout the organization. If not, it’s going to wane. It’s not going to take foothold.”
He told Advisen the security firm is seeing more concern at the executive and board level, but it is “still not where it should be” relative to the many high-profile data breaches that have occurred and the threats that exist.
The report revealed that data drives businesses. 81 percent store and use financial data; 71 percent maintain intellectual property and 47 percent process payment card data. However, only 45 percent of businesses reported having board or senior-level managers taking an active role in security concerns, while 9 percent of businesses report no executive involvement in information security. Perhaps worse, 63 percent of businesses are not properly tracking the sensitive data they do collect, while 19 percent admitted they have no method to track data at all.
In case company executives can’t see the value in safeguarding security, Smith noted, “There’s a real return on investment from being prepared. Companies that can self-detect can contain within hours and days. There’s so much less data leakage and so much less damage to your brand.”
Basic security measures such as patch management and keeing software updated can make the difference for an organization. Trustwave’s research showed that 58 percent of businesses do not have a “fully mature” patch management process in place, and 12 percent do not have a patch management process in place at all.
Smith recommended “ongoing vigilance,” starting with a risk assessment and a commitment to maintaining the process.
“That’s where most companies fall down. That’s where you find lots of holes in companies — things they’ve outlined that they’re not even doing,” he said.