According to a recent survey by Syncsort, there are inconsistencies relating to how confident companies are about the strength of their cyber-security posture, and how well they actually fare when it comes to protecting their systems and data.
85% of the respondents expressed confidence in their ability to stave off cyber-security threats, while 41% admitted to suffering a security breach. Additionally, 20% of respondents said they didn’t know if they had suffered a breach. So, what is the reason for this disconnect?
The main reason is a lack of regular security auditing.
Why Security Audits Are Vital for Preventing Breaches
Of the 300+ respondents who were questioned in the above survey, 32% conduct audits only annually, 19% do so every 6 months, and 23% every 3 months.
However, it’s not just the frequency of the audits that is responsible for the inconsistencies mentioned above, but also the way these audits are carried out.
Many companies still place far too much emphasis on perimeter-based security methods. As such, they tend to focus more on things like firewalls, password policies, backups and web application security. While it is unquestionably important to ensure that perimeter defenses are as tight as possible, it’s not going to get to the root of the problem.
According to a report published by Shred-it – a company that deals with secure paper shredding and media destruction – U.S. companies believe that “employee negligence” is the “biggest information security risk”.
Assuming this is true, it would make more sense for companies to make auditing the behavior of their own employees a priority.
Should You Share Your Security Audit Results?
Even with regular security awareness training, employees may still lack the insights they need to protect the data they are entrusted with. Sharing the audit results with employees may help them better understand their role, understand the consequences of their actions, and identify and mitigate threats more easily.
It can also improve relations between the IT department and regular employees. After all, employees have been known to react resentfully towards IT staff because they don’t fully understand why their activity is being scrutinized, and view auditors as an unnecessary burden. With a bit more transparency, some of these ill feelings between staff members can be remedied.
Additionally, it’s possible that an employee may spot an anomaly that wasn’t detected by the IT department.
Companies Must Do More
Auditing security events once every year, once every 6 months, or even once every 3 months, is simply not enough to keep our data secure. Enterprises need to audit all important security events in real time, in order to respond to security threats as they happen.
There are a number of security auditing solutions that can detect, alert and respond to a wide variety of events, such as privileged account access and anomalous file and folder activity. They can help to detect and manage inactive user accounts, as well as automatically respond to changes that match a pre-defined threshold condition, such as multiple failed login attempts or bulk file encryption.
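The threshold conditions mentioned above (multiple failed login attempts, bulk file encryption) are easy to express as sliding-window counts over an audit stream. The following is an added example written for this article, not code from Lepide or any auditing product; the pipe-separated event format, the action names, the thresholds and the sample log lines are all constructed for illustration. It parses a small constructed log and raises an alert when one account crosses a rule's threshold inside its time window.

```python
"""Threshold-based alerting over a constructed audit log (added example).

Two of the conditions named in the article are modelled here:
  * repeated failed logins for one account inside a short window, and
  * a burst of file modifications/renames by one account that looks like
    bulk encryption (many files touched in a few seconds).
The event format, action names and thresholds are assumptions for this
example, not any product's.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp|user|action|target", one per line.
SAMPLE_LOG = """\
2024-03-01T09:00:00|alice|LOGIN_FAILED|fileserver01
2024-03-01T09:00:10|alice|LOGIN_FAILED|fileserver01
2024-03-01T09:00:20|alice|LOGIN_FAILED|fileserver01
2024-03-01T09:00:30|alice|LOGIN_FAILED|fileserver01
2024-03-01T09:00:40|alice|LOGIN_FAILED|fileserver01
2024-03-01T09:00:50|alice|LOGIN_FAILED|fileserver01
2024-03-01T09:05:00|bob|LOGIN_FAILED|fileserver01
2024-03-01T09:05:05|bob|LOGIN_FAILED|fileserver01
2024-03-01T09:05:12|bob|LOGIN_OK|fileserver01
2024-03-01T09:10:00|carol|FILE_MODIFIED|/share/finance/q1.xlsx
2024-03-01T09:11:00|carol|FILE_MODIFIED|/share/finance/q2.xlsx
"""
# Constructed burst: one account renames 25 files within 25 seconds,
# the kind of pattern a bulk-encryption rule is meant to catch.
SAMPLE_LOG += "".join(
    f"2024-03-01T09:20:{i:02d}|mallory|FILE_RENAMED|/share/hr/doc{i}.docx.locked\n"
    for i in range(25)
)

# Rule name -> (actions counted, threshold, sliding window). Hypothetical values.
RULES = {
    "failed_login_burst": ({"LOGIN_FAILED"}, 5, timedelta(minutes=2)),
    "bulk_file_change": (
        {"FILE_MODIFIED", "FILE_RENAMED", "FILE_DELETED"}, 20, timedelta(seconds=30)),
}


def parse_events(text):
    """Parse the constructed log format into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, action, target = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "target": target})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_threshold_alerts(events, rules=RULES):
    """Return one alert per (rule, user) burst that reaches its threshold."""
    windows = defaultdict(deque)  # (rule, user) -> timestamps inside the window
    alerts = []
    for ev in events:
        for rule, (actions, threshold, window) in rules.items():
            if ev["action"] not in actions:
                continue
            q = windows[(rule, ev["user"])]
            q.append(ev["ts"])
            # Drop timestamps that have aged out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.append({"rule": rule, "user": ev["user"], "count": len(q),
                               "first": q[0], "last": ev["ts"]})
                q.clear()  # reset so one burst produces one alert, not many
    return alerts


if __name__ == "__main__":
    for a in detect_threshold_alerts(parse_events(SAMPLE_LOG)):
        print(f"{a['rule']}: user={a['user']} count={a['count']} "
              f"from {a['first'].time()} to {a['last'].time()}")
```

Run as a script, it reports two alerts: a failed-login burst for alice and a bulk file change for mallory, while bob's two failures followed by a successful login and carol's ordinary edits stay below threshold. Clearing the window after an alert is a deliberate choice: it keeps a sustained burst from paging a responder once per event, at the cost of needing another full threshold's worth of events before a second alert.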
Some of the more sophisticated solutions can also cover a variety of cloud-based platforms such as Dropbox, AWS, Office 365, and more. Reports can be automatically generated and sent to the relevant employees for them to view. Alternatively, meetings could be held where employees are talked through the results – highlighting both the positive and negative aspects.
If you would like to see a security auditing solution that will help you get more visibility over changes being made to your data and systems, check out LepideAuditor.