IT security pros failing on risk strategies

IT security professionals in Europe have “significant gaps” in their enterprise risk strategies, according to research from HP.

HP questioned 500 security professionals at the recent InfoSecurity Europe conference in London, and found that 79 percent thought they had an information security risk plan in place.

However, only 14 percent were “very confident” that their current IT security solutions are giving them a complete, concise picture of their security and risk state.

“These results indicate that security professionals are not as aware as they think about the real state of their security, or what they should be doing in order to protect themselves from ever developing threats,” said Jennifer Lake, security product marketing manager at HP DVLabs.

“Security professionals should be developing an intelligent approach to enterprise security, rather than simply securing an organisation’s perimeter.”

HP said IT security pros must be able to develop a sustainable and holistic approach to securing the enterprise across data, applications, devices and networks. But the survey found that 44 percent did not have the capabilities to uncover and report vulnerabilities in custom applications, with only 60 percent carrying out real-time monitoring of security events.

The top three information security risks for organisations cited by respondents were staff inadvertently breaching security (19 percent), mobile devices (18 percent) and malware and viruses (17 percent).

Only 41 percent of respondents carry out asset analysis and prioritisation as part of their security programme.

In other security news Cabinet Office minister Francis Maude has warned that the London 2012 Olympic Games “will not be immune” to cyber attacks. Maude said the Beijing Olympics in 2008 experienced “12 million cybersecurity attacks”, and said that hackers would be looking to “disrupt” this year’s Games as well.