Tripwire has announced the results of an extensive survey, conducted by Atomik Research, on the state of foundational security controls.

The survey found that although over 100 million records had been compromised in retail data breaches over the last 12 months, 77% of retail IT professionals are "confident" that all of the devices on their network are running only authorized software.

This was in contrast to the 10% of security professionals who were "very confident" in their patch management program, a fundamental security control.

Only 47% of IT professionals were "confident" in the secure configuration of routers, firewalls and modems connected to their network. Because secure configuration is a basic security control, this figure highlights the seriousness of the survey findings.

Amar Singh, Chair ISACA UK SAG, Founder of the Cyber Management Alliance and Give01Day.com, commented: "This survey clearly shows the disconnect between the executive branch and the IT branch and the false sense of security within a typical organization. This, in my opinion, false level of confidence may stem from several factors including the false belief that if no breach has been discovered ‘we must be secure’."

The survey respondents included 404 IT professionals and 302 executives from retail, energy and financial services organizations in the U.S. and U.K. Respondents were asked about the level of confidence they have in their application of basic security controls, including hardware and software inventory, vulnerability management, patch management and system hardening.