Many businesses still struggle with information security deficiencies and common security weaknesses that can elevate their risk of data breaches.
Based on a global survey of 476 information technology and security professionals located in more than 50 countries, a new Trustwave report benchmarks by which IT and security professionals can compare their risk stance against their peers.
Key findings include:
Data is the lifeblood of business: 81 percent of businesses store and process financial data, 71 percent store intellectual property and 47 percent store payment card data.
High level executives are only somewhat involved: 45 percent of businesses have board- or senior-level management who take only a partial role in security matters; 9 percent do not partake at all.
Sensitive data may be off the radar: 63 percent of businesses do not have a fully mature method to control and track sensitive data, while 19 percent do not have one at all. Additionally less than half (49 percent) fully encrypt stored sensitive data, with 51 percent only partially or not at all.
If they’re breached, they don’t know what to do: 21 percent of businesses do not have incident response procedures in place; 20 percent of businesses do not have a process that enables the reporting of security incidents.
They understand legal implications but fail to take action: 60 percent of businesses are fully aware of their legal responsibilities in safeguarding sensitive data, yet 21 percent never perform security awareness training, 23 percent never hold security planning meetings and 24 percent do not have employees that read and sign their businesses’ information security policy.
They do not know where their valuable data lives: 33 percent of businesses have not commissioned a risk assessment to identify where their valuable data lives and what controls – if any – are in place to protect it.
Assumptions about third-party providers’ security controls: 58 percent of businesses use third-parties to manage sensitive data, yet almost half (48 percent) do not have a third party management program in place.
They lack patch management programs: 58 percent of businesses do not have a fully mature patch management process in place, and 12 percent do not have a patch management process in place at all.
“Businesses must look at security as a business-as-usual imperative,” said Michael Aminzade, vice president of Global Compliance & Risk Services at Trustwave. “Understanding their risk level is the first step. By identifying their largest security shortfalls and rectifying them, businesses can stay ahead of the criminals and decrease their risk of getting breached.”