According to the results of a recent survey of 221 IT practitioners, managers, directors and executives in North America, 50 percent of respondents said their organizations are less vulnerable now than they were a year ago, compared to just 12 percent who said they're more vulnerable.
When asked why they're less vulnerable, the top five reasons provided were as follows:
- Adoption of intrusion detection and prevention systems
- Introduction or expanded use of data encryption
- Improved patch management
- Implementation of log analysis, such as SIEM tools
- Improved or increased security training for employees
The survey, conducted by Penton Research for SolarWinds, also found that 30 percent of respondents experienced fewer IT security incidents in 2015, versus 20 percent who experienced more.
Thirty-six percent of respondents said the time it took for them to respond to a threat decreased in 2015, versus 28 percent who said it increased.
Many respondents said it takes just minutes for their organizations to detect threats, including SQL injection attacks (47 percent), exploitation of known vulnerabilities (50 percent), misuse or abuse of credentials (47 percent), rogue network devices (52 percent), and security policy violations (47 percent).
Fully 55 percent of IT professionals surveyed said their organizations didn't experience any security breaches at all in 2015, compared to 29 percent who did.
"Given the heightened international media attention on IT security breaches, it was a pleasant surprise to see that 55 percent of respondents did not experience any security breaches in 2015, and only 24 percent believe a security breach is likely in 2016," Dr. Kristin Letourneau, director of research at Penton, said in a statement.
"The survey data seems to reflect a shifting focus from fear of cyberattack to the implementation, maintenance and refinement of established and effective security systems," Letourneau added.
Still, a separate survey of 209 respondents, conducted by Osterman Research for DB Networks, found that only 19 percent of organizations surveyed have "excellent" visibility into their data and database assets.
Thirty-eight percent don't have the mechanisms and controls in place to continuously monitor their organization's databases in real time.
Fully 59 percent of organizations lack a high degree of certainty about which applications, users and clients are accessing their databases, and 47 percent don't have anyone responsible for overseeing the security of their databases.
Just 20 percent of organizations conduct database activity assessments on a more or less continuous basis. More than half of respondents do so only once per quarter or less, and 6 percent never conduct such assessments.
"We've long suspected organizations lack the necessary tools and staff for proper database security," DB Networks chairman and CEO Brett Helm said in a statement. "This study finally revealed why organizations' data has become so vulnerable to attack. Simply assigning responsibility for database security and equipping them with continuous and real-time visibility into their databases would be an important first step for any organization."
A recent eSecurity Planet article offered advice on improving database security.