Survey finds dangerous gap in prevention

It's no big secret: contemporary attacks are launched over the Web; attackers will craft custom malware to slither past anti-malware defenses; and any business on any given day can be compromised. That's the reality of where information security stands today.

Clearly, enterprises are aware of this, as investments in many defensive technologies moved up significantly year over year, according to the ninth annual Global Information Security Survey, which CSO conducted along with PwC and which questioned more than 9,600 business and technology executives from around the world.

For example, Web content filtering was up to 75% from 65% last year, secure browsers to 72% from 62%, and web services security investments to 62% from 55%. Similar results hold for intrusion detection/prevention tools, vulnerability scanners, and security event correlation software.

Enterprises are spending money on security technologies.

That's certainly good news (especially if you are a security vendor). However, as we noted in last month's cover story, "What makes an infosec leader," organizations are not investing in the processes necessary to make certain those technologies are running in concert. For instance, only 43% of respondents have established centralized security information management processes.

And how's this: only 8% of those surveyed said increasing the focus on data protection was a top priority.

That's a dangerous and costly bifurcation. Without the right business processes around those technologies enterprises are lucky to gain much of their intended value.

Robbie Higgins, VP of security services at IT solution provider GlassHouse Technologies, isn't surprised. "One of the challenges a lot of security groups face is, still, justifying what they're doing. The problem is, a lot of the measures in security are qualitative more than they are quantitative, because there is that element of risk and probability," he says.

"It's not that they don't see some of the strategic side of things they need to do. They do. But they're still struggling getting to the blocking and tackling - the very basics of what needs to be done - and done right. Today, that's still their biggest priority," says Higgins.

"There are certain areas where there is great room for improvement," says Scott Crawford, managing research director at research firm Enterprise Management Associates. "Many companies make investments in lots of technologies, but they fail to cover the basics such as reading logs for potential breaches," he says.

The 2011 Verizon Data Breach Investigations Report backs up what these experts are saying. That report shows that organizations often don't know they've been breached for weeks, months, sometimes years. The study found that 86% of breached parties learned of their breach through notification from an external party; only 6% of breaches were uncovered through internal monitoring, such as reading security logs. "Clearly, businesses need to make better use of the data on their own networks," says Crawford.

Brian Honan, founder of Dublin, Ireland-based information security consultancy BH Consulting and founder and lead of Ireland's first Computer Emergency Response Team, says another area where many organizations have a process gap that needs to be filled is incident response. "You'd think with all of the talk around advanced persistent threats, and the string of high-profile breaches in the past year, that organizations would be preparing their ability to identify and respond to breaches better, but they're not," says Honan. "Most organizations do not have comprehensive incident response plans in place," he says.

"To this day we are surprised when we go and meet with new clients and they can speak very intelligently about what they want to do from a security perspective, and what their vision is, and how they want to get there," says Higgins. "But when you take a look at what they're actually doing, there's a big gap between where they are and where they want to be. In some cases, it's a canyon," he says.

Stories by George V. Hulme
