A new study produced by the Ponemon Institute revealed that security professionals find their organization’s current enterprise security implementations disappointing. The study, surveying nearly 5,000 global IT security practitioners, also discovered a lack of communication between IT security and management, therefore, weakening the companies’ ability to reduce the risk of a cyber attack.
According to the “Roadblocks, Refresh and Raising the Security IQ” report, 31 percent of cyber security teams never speak with their executive team. Of those that did, 23 percent spoke on an annual-basis, 19 percent spoke semi-annually and only 1 percent spoke weekly.
In addition, nearly 30 percent of respondents reported the desire to overhaul their current security system to one that was more efficient and secure. Nearly 50 percent said they were frequently disappointed with the level of protection a security solution resulted offering them.
Lastly, nearly 50 percent of the companies represented in the survey reported not providing cybersecurity education to their employees. Furthermore, only 38 percent of respondents believed their company was investing enough in skilled personnel and technologies in order to effectively execute their organization’s cyber security objectives or mission.
“This security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe,” said John McCormack of Websense—the study’s sponsor. “It’s not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.”
The security practitioners surveyed had an average of 10 years’ experience in the field from 15 countries: Australia, Brazil, Canada, China, France, Germany, Hong Kong, India, Italy, Mexico, the Netherlands, Singapore, Sweden, United Kingdom and the United States.
Additional key findings from the report included:
- The top three events that respondents believe would encourage executive teams to invest in cyber security initiatives are: exfiltration of intellectual property, data breaches involving customer data and loss of revenue due to system downtime
- 56 percent believe a data breach would trigger a change of security vendors
- APT’s and data exfiltration attacks rank as top fears for IT security personnel
- 49 percent claimed to be planning significant investments and adjustments to their company’s cyber security defenses throughout the next year
- 42 percent of respondents say their organizations have undergone a cyber threat modeling process
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, confirmed there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. However, the study revealed some hope for improvement and investments in the future for technology and education.
The report also offers conclusions drawn from the data, as well as recommendations for addressing the issues in security technology, communication and education.
A separate study conducted by the Ponemon Institute, titled “The State of Risk-Based Security,” researched how organizations are quantifying and evaluating various security risks that impact an organization’s information assets and IT infrastructure.
Read More Here…