- USB encryption
Almost half the
respondents were lacking when it came to USB encryption. They failed to
ensure that data from a device connecting to end points via USB was
sufficiently encrypted, were it to end up in an unsecured or hostile
environment.
- Third party device connectivity
Some
35% of organizations aren’t controlling end point connectivity
solutions like SD cards, Bluetooth, and Fire Wire, to limit the threats
they potentially bring.
- USB control
USB
devices can be a significant vector for the distribution of
cyber attacks. However, over 35% of respondents don’t control or limit
any device connecting to end points via USB.
- Data loss prevention
Some 37% of companies have no assurance against loss of information, documents, and IP.
- Reverse engineering of malware
Only
39% of organizations are actively working on reverse engineering of
malware, while 32% are still in an initial phase of developing this.
- Emergency response team
Only
16% of assessments showed a fully capable emergency response team,
while 51% of companies would be able to put together an emergency
response team and are somewhat prepared to respond to a potential
breach. However, 32% of organizations would fall short in responding,
cleaning up, and analyzing a cyber attack.
- Breach indicators
Reporting
systems, log managers, security information, and event management
(SIEM) systems automatically raise the alarm when indicators reach a
point which is deemed unacceptable, reducing the potential impact to the
network. Only 38% of organizations are actively monitoring their breach
indicators, while 41% have only average capabilities of monitoring and
interpreting these. Less than 20% are unable to clearly identify breach
indicators as they occur.
- Disk encryption
Full
disk encryption protects against data theft and loss, especially in the
case of a machine or device being removed from a secure environment.
The responses show that less than 30% of organizations are enforcing
disk encryption.
- Application control
Less
than half the respondents said their organizations are running an
active application control programme, with 25% not actively controlling
or limiting the applications within their network. Some 27% are
enforcing some application control policies.
- Mobile device management (MDM)
Although
26% of companies haven’t yet started to address the fact that mobile
devices need to be protected to the same level as laptops or desktops,
over half the organizations are actively running MDMt, while 22% have
already started to enforce some MDM policies within their organizations.
These
results show that an encouraging proportion of companies are actively
deploying protection, but most don’t feel fully prepared and are focused
on further optimization. None felt completely unprepared but all
acknowledged a greater need for enhanced security.
Anurag
Comments
Post a Comment