Some 42 percent of IT security professionals ignore critical security issues, especially if they don’t know how to fix them (16 percent), according to a recent survey of 155 IT professionals by Outpost24.
It’s also disconcerting that only 47.1 percent of respondents said they remediate security vulnerabilities as soon as they are discovered, while 16.8 percent prioritize them based on business need, 5.2 percent remediate once or twice a year, and 6.5 percent do so at a set time every quarter. Immediately patching known vulnerabilities is good security practice, as it helps protect organizations from threat actors that seek to weaponize publicly disclosed vulnerabilities as soon as they are announced. The survey shows that less than half of organizations adhere to this practice, so the rest are likely more exposed to potential security breaches.
Concern about the security of their organization’s cloud infrastructure is shared by 25 percent of respondents, while 23 percent mostly worry about internet-of-things (IoT) devices connecting to their infrastructure. Mobile devices were cited by 20 percent as a major concern, followed by the security of web applications, at 15 percent.
With 75 percent of respondents using commercial cloud infrastructures, the shared belief (95 percent) is that their own data centers and infrastructures are the most secure.
Security testing is also common; only 7 percent of IT professionals fail to perform any, while 68 percent seek the services of penetration testers to uncover vulnerabilities. Out of those, 46 percent revealed that pentesters have helped them uncover critical issues that threat actors could have leveraged to compromise the organization.
Half of CISOs admitted they have been breached in the last year, and one in six failed to determine how the breach occurred, according to a Bitdefender survey. One likely cause is that IT professionals ignore security warnings.