News Feature | January 12, 2015

Trustwave Report: Most Companies Lack Proper Maintenance, Education For Security Solutions

By Ally Kutz, contributing writer

Data Security

Trustwave’s 2014 State of Risk Report reveals your IT clients and prospects probably need some help with maintenance protocols that will keep network security measures working properly. Trustwave’s research shows only about 40 to 50 percent of those surveyed run regular internal and external vulnerability scans on critical systems — and 15 percent perform scans twice a year, 17 to 23 percent annually, and 17 to 22 percent never run scans on critical systems.

Trustwave points out that vulnerability management is a two-part process that includes scanning across all networks, applications, and data, followed by in-depth infiltration testing for the most critical assets. Trustwave suggests that businesses without the in-house ability to perform vulnerability management partner with a managed security-testing provider.

Patch management is also a vital strategy in security maintenance. Trustwave found 58 percent of companies have only partial or no patch management processes in place, making them vulnerable to security breaches. Your customers, with your help, should regularly audit patch management programs, prioritize what is most important, and review patch levels quarterly to confirm correct implementation and maintain security.

With 60 to 80 percent of companies storing and processing financial, payment, and other sensitive data, protecting this data is a large part of combating security breaches. According to the survey, 47 percent of companies store and process payment card data, which puts many at risk for theft. Trustwave suggests that only information that is absolutely necessary should be stored to prevent any security breach.

In addition, more than 60 percent of companies have policy or technical controls in place for employees to use bring your own device (BYOD), which necessitates monitoring of devices, both corporate-sanctioned and BYOD, to help prevent the spread of malware and other threats.

One of the biggest issues facing companies with security threats is the lack of consistent security education among employees. When asked if regular security awareness training was performed, respondents answered as follows: 35 percent train annually, 10 percent train twice a year, 22 percent train quarterly, 12 percent train monthly, and 21 percent never train.
