August 10, 2014

Time to Refresh? Global Survey Raises Concerns over Security

The last thing you want to hear is that a critical security countermeasure is not fit for purpose, but that is precisely what a significant number of security professionals are saying in the second instalment of findings from Ponemon Institute's global cybersecurity survey. "Roadblocks, Refresh & Raising the Human Security IQ" raises further questions about the readiness and suitability of existing enterprise security technologies.

 Key factors discussed in this report are:

  • The communication roadblocks between security professionals and executives,
  • The perceived need for a complete security technology refresh, and
  • A deficiency in cybersecurity education for employees.

I will be publishing a series of articles to look at these issues which, taken in concert, highlight a knowledge and resource gap in the enterprise, increasing vulnerability levels and the risk of data security breaches.  Deficiencies in any of these areas provide potential weaknesses for cybercriminals to exploit, using a range of powerful and evolving tools, easily available online.

While there were encouraging responses relating to plans for future investment and education, the results highlight the concern felt by security professionals about the protection granted by their technologies and their ability to cope with ever-evolving and more complex threats.

Communication Roadblocks

The Websense Security Labs blog clearly shows the frequency and changing nature of cybercriminal attacks, which reinforce the need for regular communication between security and executive teams, to define and enact security policy. 31 percent of survey respondents have no engagement between these groups and another 23 percent only communicate annually. Only 12 percent speak on a quarterly or more frequent basis and even this may not be sufficient to prepare policy and procedure to cope with the latest threats.

Security Refresh

Security concerns have moved on from the defacement of web real-estate and now focus firmly on targeted and persistent threats and data theft, with 64 percent of respondents acknowledging that one or the other was their primary security fear. Only 22 percent were confident that their existing security was strong enough in its current form, but significantly more (29 percent) felt that a complete overhaul of their security technologies was needed. This response is key to formulating an overall conclusion, as this is not the installation of a new program, or training a few key personnel, but a potentially global, multi-departmental, resource-intensive project.

Raising the Human Security IQ

Dealing with the ever-evolving threats that cybercriminals use requires maintaining awareness of them and of how to minimise their impact. Particularly now that these guidelines aren't as simple as "don't open strange attachments or click on suspicious links", I'm concerned that 52 percent of respondent companies provide no cybersecurity education to their employees. Security teams feel that it will take a negative event such as theft of intellectual property (67 percent) or customer data (53 percent) to compel executive teams to take action and increase cybersecurity resources.

Professionals on the front line of cybersecurity have voiced their concerns that their existing countermeasures will not protect them, particularly against targeted, persistent data exfiltration attacks. These threats are evolving constantly, adapting to security updates and exploiting newly discovered vulnerabilities. Those organisations not educating employees or not adopting a complete risk-based security strategy will find themselves facing increasing risks with serious financial and reputational consequences. I recommend that you download the second part of this survey, "Roadblocks, Refresh & Raising the Human Security IQ", to gain a more complete picture of the survey findings, and join us for the series of articles delving deeper into the issues, recommendations and conclusions.
