Ben Kepes has a post on Forbes arguing that security statistics show that we need to reinvent enterprise IT. Of course, we’ve all seen the reports about Target, Michaels and other high-profile retailers whose security has been breached. But the problem is actually more widespread. Ben cites data from BitSight showing that:
- During 2013, at any given time, between 68% and 82% of the S&P 500 companies had been compromised with an externally observable event
- Only 18% of companies had strong SSL certificates; the remainder sent data across the Internet without proper encryption
- Only 24% of companies had strong SPF records that could prevent email spoofing… these are some of the largest companies in the US!
Why is this happening? A report from Trustwave points out the pressure IT departments are experiencing to do more with less.
- 4 out of 5 IT pros were pressured in 2013 to roll out IT projects despite security issues
- Businesses Put the Blinders On: 73% of respondents believe their organization is safe from security threats
- 85% of IT pros say a bigger IT security team would reduce security pressures and bolster job effectiveness
What’s your experience? Have the recent security breaches at Target and others just upped the pressure on IT, or are companies providing resources to analyze and address security threats?