Dark Reading
Products and Releases

Syncsort Survey Finds Disconnect Between Confidence in IT Security Programs and Data Breaches

Despite an Optimistic Security Outlook, 61 Percent of Organizations Report They Have Either Experienced a Security Breach or Aren't Sure

Pearl River, NY – January 10, 2019 -- Syncsort, the global leader in Big Iron to Big Data software, today announced results from a survey exploring companies’ top IT security investments and challenges. The survey revealed a sizable gap between confidence in security programs and their effectiveness.

The survey of over 300 respondents found that while 85 percent of respondents are either very or somewhat confident in their organization’s security program, 41 percent said their company had experienced a security breach and 20 percent more were unsure.

The survey also uncovered several challenges and liabilities in security practices that contradict their high levels of confidence.

IT Infrastructure Knowledge and Security Investments Reveal Vulnerabilities Around Newer Data Sources

  • Respondents had firsthand knowledge of security for Windows servers (69%), followed by network infrastructure (54%).
  • In contrast, only seven percent were familiar with newer, but widely-adopted data storage options like Hadoop data lakes.

Cloud and Compliance Are Security Challenges

  • Twenty-eight percent of respondents named adoption of cloud services as their top security-related challenge, followed by growing complexity of regulations (20%) and insufficient IT security staffing (19%).
  • The regulation most respondents had to adhere to was GDPR (37%), followed by HIPAA and SOX (32% each).
  • Security (42%) and cloud computing (35%) are organizations’ top two IT priorities in the coming year.

Most Organizations Only Perform Security Audits Annually

  • Thirty-two percent of responding organizations only perform security audits annually, while 23 percent do so every three months and 19 percent every six months.
  • The most popular areas examined in audits include application security (72%), backup/disaster recovery processes (70%), network security (69%), antivirus programs and password policies (67% each).

Organizations Are Investing in Security, but Mostly Around Basic Measures

  • Almost half of respondents (46%) reported increased spending on security-related technology over the past three years. Thirty-five percent (each) developed or significantly updated a security program and increased spending to support cybersecurity initiatives.
  • The top three security investments include network firewall (69%), virus protection (66%) and malware protection (65%), while investments in newer approaches like data tokenization (18%) are starting to emerge.
  • In the coming year, 39 percent plan to invest in internal staffing and skills, while 23 percent plan to invest in intrusion prevention and 21 percent in patch management.

Data Breaches Are Common, and Most Organizations Don’t Meet Breach Response Metrics

  • Forty-one percent of organizations have experienced data breaches, while 39 percent have not, and 20 percent say they don’t know.
  • The most common types of breaches were virus/malware attacks (76%) and phishing (72%). Interestingly, virus attacks came from internal sources roughly half the time while phishing usually came from external sources (78%).
  • Fifty percent of breaches were identified in less than a day, while 26 percent were identified in less than a week.
  • Mean time to respond was the breach metric most often met (41%), followed by mean time to resolve (35%).
  • Following a breach, companies’ most common action was to increase training for IT staff (43%).

“The good news is most organizations are auditing their security systems,” said Terry Plath, Senior Vice President, Support and Services, Syncsort. “The bad news is more than two-thirds of audits are done by in-house staff – meaning they’re more likely to be biased – and only once per year. This may not be enough to keep up with the newer and more sophisticated approaches malicious hackers are constantly developing. The bottom line is that data security requires increased focus from IT organizations, particularly against the backdrop of increasing compliance regulations and emerging data rights.”

For more information on the study results, register for our webcast, “The State of IT Security for 2019: Results from Syncsort’s Security Survey.”


Syncsort polled over 300 respondents, 78 percent of whom have more than 100 employees at their organization. Participants represented a range of industries including government & public safety, education, financial services and healthcare.

About Syncsort

Syncsort is the global leader in Big Iron to Big Data software. We organize data everywhere to keep the world working – the same data that powers machine learning, AI and predictive analytics. We use our decades of experience so that more than 7,000 customers, including 84 of the Fortune 100, can quickly extract value from their critical data anytime, anywhere. Our products provide a simple way to optimize, assure, integrate, and advance data, helping to solve for the present and prepare for the future. Learn more at syncsort.com.
