Respected security specialists Gemalto recently published the Data Security Confidence Index under the headline: ‘DSCI Reveals Wide Gap between Perception and Reality of Perimeter Security Effectiveness’. There’s a link to the report at the bottom of this article.
On their webpage, Gemalto state that 3.9 billion records have been lost or stolen since 2013, and highlight three key statistics from the DSCI report:
- 69% of IT professionals are not extremely confident their data would be secure if perimeter defenses were breached.
- 66% of IT professionals say unauthorized users can access their networks and 16% believe unauthorized users have access to their entire networks.
- One-third of organizations have experienced a data breach in the past 12 months.
10% of IT managers wouldn’t have their own personal data on their network.
In an article titled ‘10 figures show that companies do not adequately protect their data’, French website FrenchWeb (the link to the original article, in French, is below) revealed that: ‘When asked about the issue, more than 10% of IT managers surveyed said that as customers they would not entrust their personal information to the organization for which they work.’
Sergio Loureiro, CEO of SecludIT, understands why. “The FrenchWeb report also highlighted DSCI findings that 82% of IT managers interviewed said they spend between 5% and 10% of their IT budget on network security … but that if they had to make budget cuts, 34% would choose data protection as a service to make savings on.”
“IT teams are under constant pressure to achieve more with their budgets,” Sergio continues, “and the way businesses measure success is by innovation and earnings. IT security, like insurance, isn’t as exciting as developing new IT services, web platforms or routes to market, so there’s a natural inclination to think about innovation first and security later.”
McDonald’s IT manager. Her takeaway on IT security as a business issue.
Management Events organises events that bring 20,000 business visionaries together to discuss key business topics. Their event ‘600Minutes Information and Cyber Security’ in Finland highlighted some of the key challenges in aligning IT security with the corporate vision.
Helinä Tapaninen, IT manager for McDonald’s Oy, said that the constantly evolving nature of IT threats means that cyber security isn’t just a technology issue, but a business issue. “Even (if) the actual responsibility would fall down to IT in the organization, someone in the leadership team should be clearly responsible for this stuff because it’s impacting what we do one way or another.”
Sergio Loureiro agrees. “Cyber security is something that should be high on the C-Suite’s agenda.” Referring again to the FrenchWeb article on the DSCI report, Sergio quotes that: “92% of companies who had a data breach saw direct costs increase by an average of $1.1m, and 36% reported subsequent delays to product development.”
McDonald’s Oy IT manager, Helinä Tapaninen, notes the difficulty of keeping up with cyber security trends in an ever-changing threat landscape: “Today, to be up-to-date with all the cyber and information security subjects is a key challenge. And also then the understanding of what I must do, how much do I want to pay for it, what’s the business value?”
So, you think your IT platform is safe? If you’re right, our deep scan is free.
Is your company part of the ‘reality distortion field’ that Gemalto referred to in the Data Security Confidence Index?
There’s an easy way to find out. SecludIT offers a network vulnerability reality check for business in the form of a deep scan that checks for over 60,000 vulnerabilities from a list of threats that is updated daily.
Called S-Diag, the scan can be completed in a morning and has no effect on network performance for employees and customers. At the end of the scan, S-Diag gives three deliverables:
- C-Suite vulnerability report.
- IT report, with remediation tips.
- Phone consultation with a SecludIT expert.
“In our experience, 98% of servers have vulnerabilities … and yet, thanks to our remediation tips, the average fix takes just 15 minutes,” says Sergio Loureiro. “We’ve performed over a million network scans in the last five years, and less than ten of those had zero vulnerabilities. Even if your company has just endured the disruption of a full pentest, we’re confident that a background S-Diag deep scan will find vulnerabilities. If we don’t … the test is free.”
S-Diag performs deep scans ‘out of the box’ on conventional and cloud-based networks – including AWS, Azure, Google Compute Engine and Hypervisor. That means negligible use of system resources, no agents required, and you start to see results in minutes, not days. “97% of our vulnerability audits are finished in a morning,” says Sergio Loureiro.
S-Diag can also perform ‘delta’ tests to see if ex-employees still have access to your network (read our article on how 49% of IT ex-employees still have access to IT resources).
There are S-Diag scans for enterprise servers, Internet servers and e-commerce servers. Please contact SecludIT to enquire about a fully supported vulnerability scan for your network.
Reference sources used in this article: