Many organisations lack adequate cyber protection, survey reveals

Organisations lack the correct strategy to prevent cyber attacks against networks and enterprise systems, a study has revealed.

Organisations lack the correct strategy to prevent cyber attacks against networks and enterprise systems, a study has revealed.

Some 84% of more than 1,000 IT and security professionals polled by the Ponemon Institute in the UK, Germany and France admitted to suffering security breaches.

For 44% of these organisations, the breaches cost more than £220,000.

With cyber threats advancing in regularity and sophistication, companies need to know how to protect their networks, according to Juniper Networks, which commissioned the survey.

Multiple security breaches

UK organisations reported multiple breaches, with 55% of respondents admitting to two or more breaches in the past 12 months, 91% admitting to at least one breach, and 6% said they did not know.

As a result of these multiple breaches, 24% say they have low confidence in the ability of their organisation's IT infrastructure to prevent a network security breach.

Insufficient budgets were cited as one of the biggest problems, with 58% of respondents saying only 10% or less of their IT budget is dedicated to security.

Almost one-third of all respondents say complexity is one of their biggest challenges to implementing network security solutions, with 28% blaming resource constraints.

Simplify network security

Security risk from mobile devices is another area of concern, but 46% of respondents say their organisation permits mobile devices such as smartphones and tablets, including those personally owned by employees, to access the company network or enterprise systems.

Combating cyber attacks can be made more effective by streamlining or simplifying network security operations, say 64% of respondents, while 62% say their effectiveness would increase by implementing end-to-end solutions.

But Mark Bower, data protection expert at Voltage Security, says it is not merely a lack of investment, but a flawed approach to data protection that is to blame.

Data encryption is key

"The fact is, most companies have spent a small fortune trying to protect their IT infrastructure from attack. They have been implementing network security and monitoring solutions, intrusion detection and prevention tools, data leak and content scanning products, identity and access management tools and more. Yet hackers get past these measures quite consistently," he said.

Company executives have a right to ask why they are still getting breached after spending so much money on monitoring, detection and scanning tools, says Bower.

He believes that only by encrypting data will organisations achieve a persistent way of protecting data wherever it is sent or stored.

"If you use encryption intelligently it can solve the problem in a fairly simple and cost-effective way," he said.

Read more on IT risk management