1. USB Encryption:
Almost half the respondents were lacking when it came to USB encryption. They failed to ensure that data from a device connecting to end points via USB was sufficiently encrypted, were it to end up in an unsecured or hostile environment.
2. Third Party Device Connectivity:
Some 35% of organisations aren’t controlling end point connectivity solutions like SD cards, Bluetooth, and FireWire, to limit the threats they potentially bring.
3. USB Control:
USB devices can be a significant vector for the distribution of cyberattacks. However, over 35% of respondents don’t control or limit any device connecting to end points via USB.
4. Data Loss Prevention:
Some 37% of companies have no assurance against loss of information, documents, and IP security assessment button
5. Reverse Engineering of Malware:
Only 39% of organisations are actively working on reverse engineering of malware, while 32% are still in an initial phase of developing this.
6. Emergency Response Team:
Only 16% of assessments showed a fully capable emergency response team, while 51% of companies would be able to put together an emergency response team and are somewhat prepared to respond to a potential breach. However, 32% of organisations would fall short in responding, Cleaning up, and Analysing a Cyberattack.
7. Breach Indicators:
Reporting systems, log managers, security information, and event management (SIEM) systems automatically raise the alarm when indicators reach a point which is deemed unacceptable, reducing the potential impact to the network. Only 38% of organisations are actively monitoring their breach indicators, while 41% have only average capabilities of monitoring and interpreting these. Less than 20% are unable to clearly identify breach indicators as they occur.
8. Disk Encryption:
Full disk encryption protects against data theft and loss, especially in the case of a machine or device being removed from a secure environment. The responses show that less than 30% of organisations are enforcing disk encryption.
9. Application Control:
Less than half the respondents said their organisations are running an active application control programme, with 25% not actively controlling or limiting the applications within their network. Some 27% are enforcing some application control policies.
10. Mobile Device Management (MDM)
Although 26% of companies haven’t yet started to address the fact that mobile devices need to be protected to the same level as laptops or desktops, over half the organisations are actively running MDMt, while 22% have already started to enforce some MDM policies within their organisations.
These results show that an encouraging proportion of companies are actively deploying protection, but most don’t feel fully prepared and are focused on further optimisation. None felt completely unprepared but all acknowledged a greater need for enhanced security.
Source: Mr. OoPpSs & Corporate Security.