The Cisco 2015 Annual Security Report currently shows to what extent the companies’ perceived sense of IT security actually differs from reality. According to the report, the gap between the perception of those responsible and the actual level of the threat is widening. In this respect, in a survey of 1700 chief information security officers from nine countries, 90% expressed confidence in their company’s security measures. However, at the same time, 54% reported that their company had to deal with a security problem in the past few months.
The false sense of security of those responsible has led, by their own admission, to less than half of those surveyed resorting to standard protective measures against security breeches by, for example, installing patches or ensuring that their software is safely configured. For example, according to Cisco, only some 10% of companies use the current version of Internet Explorer. Even at Google Chrome, which updates itself, the most recent version is only installed on 64% of PCs. A further example is the Heartbleed bug, one of the most serious and dangerous security flaws of the past few years. Although the error in the Open Source Library, OpenSSL has been discovered, patched and widely publicised by April 2014, 56% of the SSL versions are older than four years and remain vulnerable.