Critical security controls continue to play crucial role in cybersecurity
London, UK , Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organisations, today announced the results of a survey of 350 information security professionals that found 75 percent of respondents did not believe that buying every security tool available on the market would enable them to fully protect their organisations. The survey was conducted June 6-8, 2017, at Infosecurity Europe 2017 at the Olympia Conference Centre in London.
Tripwire’s survey also found that nearly half of respondents (46 percent) had purchased security tools that failed to meet their organisation’s needs.
“New tools and technologies enter the information security market all the time, but it’s clear that many of them simply don’t meet the needs of the market,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Focusing on the basics that have been demonstrated to work may not make headlines, but it does make sense.”
Erlin continued, “Very often, the biggest bang for the security buck is making sure foundational security controls are in place. The fundamentals of finding and patching vulnerabilities, making sure systems are securely configured and monitoring your systems for change go a long way in maintaining a strong security posture.”
The findings also suggested that the larger the company, the less confident employees were about cybersecurity tools fully protecting their organisations. For organisations with fewer than 1,000 employees, only 32 percent felt they would be fully protected if they had invested in all the available security tools. This decreases by more than half with businesses 1,000 to 5,000 employees (19 percent) and even further with businesses that have more than 5,000 employees (15 percent).
Recent events have shown that basic security controls can effectively protect organisations, even without the help of some of the latest tools on the market. The scale of attacks such as Heartbleed, WannaCry, and now Petya have been attributed to organisations using outdated and unpatched systems, rather than a lack of appropriate defensive tools. These high-profile attacks have highlighted that paying attention to basic security hygiene and ensuring foundational controls are in place can effectively fend off damaging attacks.