HP Research Reveals Organisations Over-Confident When it Comes to Enterprise Risk
May 2012 by HP
HP announced new research revealing security professionals in Europe have significant gaps in their enterprise risk strategies, despite thinking that they are on track.
New research conducted on-site at the InfoSecurity Europe 2012 conference in London reveals that 79 percent of attending security professionals believe they have an information security risk plan in place; however, only 14 percent are very confident that their current IT security solutions are giving them a complete, concise picture of their security and risk state. Furthermore, close to 90 percent of these answered that they believe they have governance mechanisms in place to drive the right user behaviours and monitor adherence, yet 43 percent of these respondents are still not confident that they have visibility of risk within their organisations.
“These results indicate that security professionals are not as aware as they think about the real state of their security, or what they should be doing in order to protect themselves from ever-developing threats,” said Jennifer Lake, Security Product Marketing Manager, HP DVLabs. “Security professionals should be developing an intelligent approach to enterprise security, rather than simply securing an organisation’s perimeter. HP Enterprise Security helps organisations establish a clear framework and layered system of defence, in response to a new breed of cyber threats targeting holes between products, disparate processes, and gaps in security readiness.”
IT must be able to develop a sustainable and holistic approach to securing the enterprise across data, applications, devices and networks. However, the on-site InfoSecurity research conducted by HP indicates that 44 percent of security professionals do not have the capabilities to uncover and report vulnerabilities in custom applications, with only 60 percent of respondents carrying out real-time monitoring of security events.
Other key findings include:
• A larger percentage of respondents felt that cyber-attacks have increased over the past 12 months (60 percent) than did last year (43 percent), with a further 75 percent believing attacks will increase again in the next 6 months
• The top three information security risks for organisations are staff inadvertently breaching security (19 percent), mobile devices (18 percent) and malware and viruses (17 percent)
• More than half of respondents are able to capture a significant amount of security vulnerability information at both the network (60 percent) and application layer (52 percent)
• Only 41 percent of respondents carry out asset analysis and prioritisation as part of their security programme
HP conducted the survey on-site at the InfoSecurity conference 2012 in London by having 500 attendees from across Europe answer 10 questions about the current state of their enterprise security.