SOURCE: SolarWinds

SolarWinds

November 19, 2014 07:30 ET

SolarWinds Survey Reveals 84 Percent of IT Pros Rank Their Organizations' Security Above Average, Though 82 Percent Have Suffered From a Significant Attack

A Lack of Widespread Adherence to Best Practices Combined With the Number of Organizations That Have Suffered a Significant Attack Potentially Indicates a False Sense of Security

AUSTIN, TX--(Marketwired - Nov 19, 2014) - SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT performance management software, today released the results of its Information Security Confidence Survey, which explored IT professionals' confidence in their organizations' security measures and processes. The survey found that while confidence is notably high, likely the result of several key factors, widespread adherence to security best practices is lacking, and significant, damaging attacks continue, potentially indicating this confidence is a false sense of security.

"Organizations are taking positive steps toward improving their information security, most notably in terms of budget and resources," said Mav Turner, director of security, SolarWinds. "It's important, however, to never fall into the trap of over-confidence. IT pros should do everything they can to ensure the best defenses possible, but never actually think they've done everything they can. This approach will ensure they are proactively taking all the steps necessary to truly protect their organizations' infrastructures and sensitive data."

Fielded in October 2014 in conjunction with Enterprise Management Associates, the survey* yielded responses from 312 IT practitioners, managers, directors and executives in North America from small and midsize enterprise companies.

"The survey brought out many interesting and disturbing trends," said David Monahan, research director, risk and security management, Enterprise Management Associates. "The general over-confidence demonstrates why we are seeing more breaches. Much of this appears to come from the concept that compliance is equivalent to security. Knowing that all of the major retailers that have experienced breaches in the last year have been considered compliant, we know that is not true."

Survey Findings

1. IT professionals are confident in their organizations' security measures and processes.

In fact, 84 percent of those surveyed said they consider their organizations to be very secure, falling within at least the 30th percentile of the most secure organizations, with 15 percent of those believing their organizations are in the top 10th percentile. In addition, 87 percent said their IT departments currently have sufficient resources to keep their organizations secure.

2. Increased budget, man-power and integration between security and other IT processes and operations, such as network and system administration, are likely driving this confidence.

For example, 74 percent of those surveyed reported their departments' security budgets increased from last year to this year. Moreover, only 1 percent said their organizations do not have at least one staff member responsible for security, and 97 percent said they have more than one. This man-power could explain why 61 percent said they are able to test their defenses at least monthly. Finally, 47 percent said their IT departments tightly integrate security and other IT processes and operations, while all others reported at least some level of interaction.

3. Widespread adherence to security best practices is lacking and damaging attacks continue to plague organizations, potentially indicating this high level of confidence is a false sense of security.

Though nearly 30 percent of respondents do not believe their organizations are a target for an attack and another 27 percent said they feel they are at low risk of a successful attack, 82 percent reported their organizations have experienced a significant attack, with approximately one-third of those reporting that it took at least one month to discover the attack. Furthermore, approximately one-third also said it took at least one month to recover from the attack (get the affected systems/applications back online/operating and the security hole mitigated). Underscoring this is that nearly 40 percent said their organizations either do not have defined security best practices or if they have them, do not regularly follow them.

*Full survey results available upon request.

Connect with SolarWinds
thwack®
Twitter®
Facebook®
LinkedIn®

About SolarWinds
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500® enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our thwack online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.

SolarWinds, SolarWinds & Design and thwack are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other company and product names mentioned are used only for identification purposes and may be or are intellectual property of their respective companies.

© 2014 SolarWinds Worldwide, LLC. All rights reserved.

Contact Information