Too many IT pros ignore critical security issues
A recent Outpost24 survey of 155 IT professionals, which revealed that 42 percent ignore critical security issues when they don’t know how to fix them (16 percent) or don’t have the time to address them (26 percent).
How quickly does your organization remediate known vulnerabilities of any type configuration, hardening, patching, access controls, etc?
The survey, which was carried out at the RSA Conference in April 2018, also asked respondents what area of their IT estate they consider to be the least secure. This revealed 25 percent are most concerned about their cloud infrastructure and applications, 23 percent are most concerned about their IoT devices, 20 percent said their mobile devices, 15 percent said their web applications, while 13 percent were most concerned about their data assets, databases and shares.
Owned infrastructure and data centres seems to cause the least concern, with only five percent saying they were least secure.
Additionally, when survey respondents were asked how quickly their company remediates known vulnerabilities, 16 percent stated they review their security at a set time every month, seven percent said they do it every quarter, however a worrying five percent said they only carry out assessments and apply fixes once or twice a year.
Only 47 percent of organizations patch known vulnerabilities as soon as they are discovered.
Does your organization use any infrastructure in a commercial cloud, such as Amazon AWS or Microsoft Azure?
IT professionals were also asked if security testing is conducted on their enterprises systems, which revealed that seven percent fail to conduct any security testing whatsoever, however, reassuringly, 79 percent of respondents said they do carry out testing.
Respondents were also asked if their organization had hired the services of penetration testers and 68 percent revealed they had. The study also found that of those organizations that had hired penetration testers, 46 percent had uncovered critical issues that could have put their business at risk.