IT auditing firm Netwrix Corporation has released the results of their 2016 IT Risks Report, and it makes for sobering reading with only a small number of organizations being confident in their own abilities to ward off cyber attacks.

The survey polled 826 IT professionals across 40 industries and organizations over various sizes worldwide, and found that only 17 percent were confident about their ability to beat cyber risks.

While they might not be confident in their abilities, 78 percent of respondents said that they consider visibility into IT infrastructure as being an absolutely critical part of their security strategy, while 58 percent claim that IT change controls or their absence are adequate to their business specifics and organization type.

Representing the growing threat landscape, 67 percent of those polled said that they have suffered from security incidents, with 53 percent saying that as a result of those attacks they had suffered system downtime; a further 45 percent said that those attacks also caused compliance issues.

Third-party IT auditing was becoming more popular, with 39 percent reporting they have switched from internal systems to external service providers, up from 29 percent in 2015, while IT auditing itself (both internal and through third-party providers) also increased in popularity, with 63 percent now having IT auditing processes in place versus 52 percent in 2015.

“The survey discovered an inconsistency between the initial assessment of maturity and the adequacy of IT change controls deployed by organizations and their actual ability to deal with cyber risks,” Netwrix Chief Executive Officer and Co-Founder Michael Fimin said in a statement sent to SiliconANGLE. “Ensuring security today can be a challenge even for experienced professionals. Due to this pressing need for stronger protection, more organizations establish IT auditing processes and automate related tasks to achieve deeper visibility into critical systems and data.”

“Continuous control over the IT environment will enable organizations to stay on top of what is going on across the entire IT infrastructure and mitigate the impact of unwanted or unauthorized activity to timely address security issues before they inflict significant damage,” he added.

Holistic approach

While the fact that many organizations believe they have inadequate systems in place to take the good fight up to those wishing to hack their systems, the increased use of IT auditing does at least show that business is increasingly taking a more holistic view of cyber security, with IT auditing being one part of a comprehensive strategy of defense from cyber attacks.

IT auditing itself may not have the glamor of frontline cyber defense, but given the majority of companies will be targeted by cyber attacks in 2016 (sadly true) being able to effectively track modifications in security configurations, systems, permissions and data across the enterprise assists in mitigating the risk of security breaches, and detecting them when they occur.

A full copy of the report is available here.

Image credit: 111692634@N04/Flickr/CC by 2.0