Dutch companies have arranged security well, they think

Security is hot. Nowadays you have to open the newspaper and the messages about cyberattacks, data leaks, malware and phishing practices are flying your ears. Companies and governments are constantly looking for measures to secure their network and data. What about Dutch organizations? What measures have they taken and how effective are they?

In order to gain an insight into the security measures taken by Dutch organizations, TNS Kantar conducted a survey on behalf of MatrixMind among IT managers within these organizations. In July 2019, this survey was conducted among almost four hundred IT managers within organizations with one hundred or more employees.

Most Dutch organizations do have a good idea of how their own security policy and its implementation compares to best practices in the field of security. In almost eight out of ten organizations this picture is “fairly clear” to “very clear.” Not entirely surprisingly, this applies especially to the larger organizations (250 employees). And when it comes to services, they are ahead of other sectors such as logistics, industry and government.

Handling user rights wisely is always a good advice when it comes to protecting company IT. Most organizations have arranged this: 82 percent know which users and applications have access to the most sensitive data. To further protect these, the average user needs three to four user password combinations for daily work. In the meantime, the popularity of encryption is also increasing. More than two-thirds of the organizations require encryption. In fact, this is something that the larger organizations (more than 250 employees) are once again more aware of than the smaller ones (more than 100 and less than 250 employees).

Regardless of who goes on the network, it is also important to know when the network is running. The way organizations deal with logs varies greatly. In many cases these are still checked manually. In addition, in almost half of cases, the source code review of software used is not automated and many organizations opt for labor-intensive manual checks on source code.

Despite all the differences, more than three quarters of organizations – 77 percent – say they can use existing technology to find out whether a failed or successful security breach has occurred. In many organizations, therefore, confidence in this area is high. On the other hand, it is worrying that almost a quarter of organizations are unable to assess whether they have already experienced a security breach. This means that their systems and data may already be compromised without them knowing.

In combination with poor endpoint security, this ensures that organizations are vulnerable. After all, attacks often target the weakest link in the IT chain – the user. The arrival of the cloud as a dominant delivery model has made many organizations safer, according to most IT leaders. But at the same time, maintaining security has not necessarily become easier.

So is there still room for improvement in terms of security in Dutch organizations? Indeed there is. For example, automating log management frees up a lot of IT resources to be deployed elsewhere. Additional measures to detect security breaches and take measures to combat them are also highly recommended.

At the same time, it is of course nice that Dutch organizations say they have a clear picture of their own security policy. If this picture is really true, then of course they have long since recognized their potential for improvements and have now been sorted out for improvements. That would be very nice. Are you facing a leak in your company?