The study also revealed that while 19 percent of UK respondents admitted that their organisation has at one time had to ignore a critical security incident because it didn’t have the skills or time to fix it, this was actually much better in comparison with US respondents. When Outpost24 carried out the same survey at RSA Conference in San Francisco in April 2018, an alarming 42 percent of IT professionals revealed they had ignored a security flaw they didn’t have the skills or time to address.
Respondents to the study were also asked what area of their IT estate they consider to be the least secure. This revealed 37 percent are most concerned about mobile devices, 35 percent are most concerned about their Internet of Things (IoT) devices, eight percent said cloud infrastructure and applications, a further eight percent said web applications while seven percent said data assets databases and shares. Owned infrastructure and data centres seem to cause the least concern, with only five percent saying they were least secure. These findings are also in stark contrast to Outpost24’s RSA study where survey respondents were most concerned about cloud infrastructure and applications (25 percent) and only 20 percent of respondents said they were most concerned about mobile devices, which is significantly lower than the results from Infosecurity Europe.
“Our study once again highlights that many security operations teams are struggling to keep up with the pace as which threats appear and increase in sophistication,” said Bob Egner, VP of products at Outpost24. “Unfortunately, in today’s threat landscape no attack is ever the same, cybercriminals are constantly evolving and updating their techniques in a bid to outsmart security teams and the products they use. However, ignoring a critical security incident should never be an option as this is only asking for trouble. The US regularly tops the list of most attacked countries so security professionals should be taking this threat very seriously and doing all they can to minimise their attack surface.”
The survey also asked IT professionals if they believe they could hack into any organisations using one of four common attack techniques. 77 percent of respondents said they could, which is slightly higher than respondents to Outpost24’s RSA survey results where 71 percent of respondents answered affirmatively.
In terms of attack techniques, social engineering was the most popular choice, with 63 percent of respondents selecting this option. Only 19 percent said they would choose to hack an organisation via insecure mobile devices, 14 percent said via insecure web applications while only four percent said they would infiltrate an organisation via their public cloud.
“Our survey results suggest that businesses are adding technology as a key element of their strategy but not preparing their security teams with the skills and resources to keep up. Hackers understand there are key areas of technology which organisations will often overlook in terms of cyber-security and they will target these weaknesses first. A comprehensive security posture covers the full stack - network infrastructure, cloud environments, applications, mobile devices and even people,” continued Egner.