SUBSCRIBE
1
0
Security

Many organizations still ignore basic security, survey suggests

Howard Solomon

Experts are going hoarse telling organizations they have to build their cyber security strategies around doing the basics, including having an accurate inventory of everything on the network.

But if a survey sponsored by Tripwire is accurate not many are following even the top six of the 20 recommended Critical Security Controls set by the Center for Internet Security (CIS).

Among the survey’s findings:

  • Only 11 per cent of respondents believe their organization tracks all hardware devices on their networks;
  • Only 21 per cent say their organization tracks more 90 per cent of their software, while 56 per cent track less than 70 percent;
  • A third of respondents said their organization doesn’t require changed default passwords, 41 per cent still don’t use multifactor authentication for accessing administrative accounts, and 43 per cent do not require unique passwords for each system;
  • More than a third (38 per cent) said they still struggle to enforce configuration settings.
Approximately how many of the devices connected to your organization’s
network do you have tracked in an asset inventory? (Tripwire graphic)

“These industry standards are one way to leverage the broader community, which is important with the resource constraints that most organizations experience,” Tim Erlin, Tripwire’s vice-president of product management and strategy, said in a statement. “It’s surprising that so many respondents aren’t using established frameworks to provide a baseline for measuring their security posture. It’s vital to get a clear picture of where you are so that you can plan a path forward.”

The survey was completed by 306 participants in Canada and the U.S. last month, all of whom are responsible for IT security at companies with more than 100 employees.

Many organizations still struggle to maintain the adequate visibility into their environments needed to address potential issues quickly, an analysis of the survey results found. “Results showed that organizations need to improve visibility into the devices and software on their networks, logs from critical systems, and configuration changes.”

The report, called The State of Cyber Hygiene, can be downloaded here. Registration is required.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
Previous article
Samsung Unpacked reveals Galaxy Note 9, Galaxy Watch, and Galaxy Home
Next article
How Thomson Reuters used Salesforce and SAP to transform its billing process

Related Tech News

More from Howard Solomon

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

SUBSCRIBE
SUBSCRIBE

PRODUCED BY