- Just 4% of IT departments have staff dedicated to analysing IT security logs and only 6% have staff dedicated to acting on security reports
- Less than 20% have enough resource to scan all IT logs that might contain security information
- Only 13% can always report detected threats to someone capable of dealing with them
IDE Group, the UK-based IT managed services provider, has released survey results suggesting that mid-sized companies aren’t adequately protecting themselves from cyber-security threats, not due to lack of investment in technology but through a lack of the dedicated, skilled resource needed to make the most of those tools.
IDE Group found that of the 100 IT decision makers surveyed, 72% have implemented a Security and Information Event Management (SIEM) solution, which combines data sources and presents security related information in an accessible form. Organisations also regularly refresh other security solutions, for example firewalls, which 83% of respondents had replaced with more modern technology within the last three years.
However, only 4% had staff dedicated to monitoring, analysing and reporting security information created by a SIEM or other source and only 6% had staff dedicated to acting on security reports. With day-to-day security management falling to multi-tasking, generalist IT resources, it’s perhaps not surprising that just 19% of organisations monitor all IT logs that might contain security information. When potential threats are identified, only 13% of organisations are communicating the intelligence to someone able to deal with it.
“Many organisations must be spending a lot of money on the latest technology and then failing to recruit the people they need to use it,” said Merlin Gillespie, Group Strategy Director at IDE Group. “Analysing live data feeds to identify cyber-attacks is something general IT staff are unlikely to be appropriately skilled for. It’s also a relentless task. There’s a lot of data to analyse and cyber-criminals don’t respect 09:00 – 17:30 working patterns. Non-specialists may struggle to be consistently effective at the level required, which seems to be born out in our survey results.”
“Of the organisations we surveyed, 75% have recently fallen victim to a cyber-attack, with 40% occurring in the last year. It’s clear that many organisations’ security practices leave very large gaps in their protection. In our view, creating actionable intelligence on the threats organisations faces can only be handled by a dedicated team. A business can either recruit and support that function in house or outsource it, engaging a service provider that specialises in security. Whatever option is taken, the result can only be significantly more credible protection.”
IDE Group’s cyber security unit, PACT, provides customers with a centralised intelligence service that identifies threats on a company’s behalf around the clock. By combining this insight with well-maintained security technologies, an organisation can maximise its opportunity to deal with whatever threat comes its way, ensuring peace of mind for the future.
– ENDS –
About IDE Group PACT
Protection Against Cyber Threats (PACT) is the IDE Group business unit focused on cyber-security. Security experts in its Security Operations Centre (SOC) analyse reports produced by a Security Information and Event Management (SIEM) solution linked to the IT logs generated by our customers’ infrastructure. Through this resource, even the most sophisticated attacks are identified. This insight, combined with IDE Group’s ability to act and a range of leading security solutions, including DDOS and endpoint protection, provides comprehensive and robust protection.
About the survey
IDE Group commissioned independent research firm, Vanson Bourne, to survey IT decision makers at 100 UK businesses of between 1,000 and 5,000 employees about their cyber-security management practices
About IDE Group
IDE Group is an AIM listed cloud and IT managed services provider focused on the UK mid-market. We help customers operate more effectively and improve their long-term return on technology investment. The value we deliver is derived from our company values, the expertise of our staff, carefully selected technologies, strong data centre capabilities, our private high-speed data networking and enterprise-grade security. Our clients include international media, medical, legal and financial institutions, public sector organisations, channel partners and many of the UK’s network carriers.
James Farquharson, Communication and Content Manager, IDE Group
+44 (0) 1202 299 799 ext. 742/+44 (0) 7792 079 442