CompTIA: Malware, Hacking Tools Keep IT Execs Up at Night
The availability of hacking tools and the increased sophistication of hackers are the most prevalent risks to enterprise security, according to a new study from CompTIA. And while human error is not considered to be a large concern for most enterprises, it remains the single-most effective way for hackers to access a company’s private information.
The availability of hacking tools and the increased sophistication of hackers are the most prevalent risks to enterprise security, according to a new study from CompTIA. And while human error is not considered to be a large concern for most enterprises, it remains the single-most effective way for hackers to access a company’s private information.
CompTIA gathered the results of two recent surveys in its Trends in Information Security study, which asked more than 700 U.S. business execs and technology professionals to sound off on their biggest security concerns. When asked to identify the factors responsible for complicating their security readiness, 54 percent of respondents said the increasing sophistication of hackers was their most pressing concern. Additionally, 48 percent said a greater availability of hacking tools was also a major concern.
And even though attackers continue to become more sophisticated, tech companies continue to lag behind when it comes to protecting their most critical systems, according to CompTIA.
“It’s not that businesses need to be convinced that security is important,” said Seth Robinson, senior director, Technology Analysis at CompTIA, in a statement. “Instead, they need to be convinced of the ways that their current security approach is putting them at risk.”
IT security has become increasingly difficult to manage with the explosion of cloud-based services and mobile technology, according to respondents. More than half of companies surveyed said greater interconnectivity has expanded their perimeters, making it difficult for legacy security solutions to protect corporate assets.
If companies want to combat the growth of malicious activity, they will need to focus on building their technological resources, developing new security processes and preparing personnel for the immanence of a data breach, Robinson said. Organizations can do this by utilizing new security technologies such as data loss prevention, identity and access management and security information and event management software.
Formal security policies also need to be established to prepare companies for the possibility of an attack. Currently, only half of companies surveyed believe they have a comprehensive security policy in place.
Additional training can also go a long way in preventing security breaches before they happen, according to Robinson. In fact, human error continues to be the No. 1 source for data loss in companies, even though respondents did not cite it is as a serious concern. CompTIA found that only 54 percent of respondents reported having a cybersecurity training program.
CompTIA’s research is consistent with other recent surveys, which have concluded the public is generally aware of the dangers of enterprise and personal data loss but are largely unwilling to change their behaviors or seek formal training. A study by Lookout Mobile found millennials are especially apt to put their personal information at risk despite being the most knowledgeable generation in terms of security awareness; data protection solution provider Acronis discovered that although more than 75 percent of consumers store their information digitally, less than half are active in backing up their data to an external device.
