Companies carry unquantified levels of risk due to current network security approaches
2023-04-07 03:00

"Complex networks, large customer bases, and long supply chains make these industries highly susceptible to attacks. The study reveals that given the current organizational approaches to network security, companies cannot be continuously compliant, and as a result carry with them unquantified levels of risk to the confidentiality, integrity, and availability of systems and data," said Phil Lewis, CEO, Titania.

"A determined attacker will try a combination of approaches to access a network until they gain entry, and known vulnerabilities or misconfigurations are an easy way in. Companies must adopt both a zero trust mindset and network security best practices, to minimise the attack surface, inhibit lateral movement, and prevent intruders from meeting their goals," continued Lewis.

100% of respondents reported effective categorization and prioritization of compliance risks with their network security tools.

74% of oil and gas, 67% of telcos, and 67% of banking and financial services respondents listed inability to prioritize remediation based on risk as a top challenge in meeting security and compliance requirements.

45% reported response and resolution of critical network configuration security risks within 1-3 days.

The PCI Security Standards Council recently released the most significant changes to its standard since 2004, promoting effective network segmentation, security as a continuous process, and enhanced validation of compliance to address the increases in risks that commercial enterprises need to mitigate.


News URL

https://www.helpnetsecurity.com/2023/04/07/compliance-requirements-challenges-for-organizations/