Australian CIOs have given themselves a woeful report card when asked to rank their organisation’s preparedness to deal with cyber attacks, according to new research findings.
The 485 surveyed Australian IT professionals scored their organisations’ overall security posture as just 4.5 out of a possible 10 points – a failing grade by any measure. They were equally harsh in scoring their organisation’s ability to quickly detect cyber attacks (4.4) and prevent them (4.6), as well as in assessing their ability to minimise false positives (4.3).
Asked to assign the blame, nearly half of all respondents to the survey – The Efficacy of Emerging Network Security Technologies, commissioned by networking vendor Juniper Networks and carried out by security research firm Ponemon Institute – said that emerging network security technologies aren’t as effective as they should be, with high false-positive rates (56% of respondents) and unfulfilled vendor promises (54%) broadly blamed for the shortfall.
In-house security staff received a slightly stronger vote of approval, with inhouse expertise rated at an average of 5.3 out of 10.
Tellingly, fully 55% of respondents established a causative link between those two measures, noting that effective use of technological measures requires inhouse staff with the skills to use them properly.
The survey findings reflect those of recent Gartner research that encouraged business and IT leaders to prioritise the assignment of funding and skills to new projects throughout their lifecycle. Yet broader issues about availability of IT security skills continue to cause their own problems, with some industry experts recommending a complete rethink of IT-security hiring issues to improve the situation.
Staff weren’t the only thing fingered for the current deficiencies: many respondents to the Ponemon survey blamed a lack of holistic security vision for the shortcomings of their security models, with 58% noting that their organisation mainly focuses emerging network security technologies on the ‘inside-out’ problem and only 37% saying they take a holistic approach to security.
“It is interesting to observe that despite being armed with emerging network security technologies, organisations in Asia Pacific find themselves to be sitting ducks for external threats,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Organisations need to reflect on the shortcomings of their existing inside-out approach and seriously consider investing in a more comprehensive and holistic approach to network security in order to keep pace with a constantly evolving threat landscape.”
Intrusion prevention systems and firewalls were considered the most effective features in maintaining network security, while in half of cases application-control features were most often configured for monitoring and reporting only, rather than actual application control.
“This research worryingly indicated that organisations are aware emerging network security technologies are not as effective as they should be and only address part of the cyber security attacks perpetrated upon them,” Greg Bunt, Juniper Networks’ Asia Pacific director for security sales, said in a statement.
“Companies need to renew their focus on zero-day defence and review their security investment weighting, to assess whether the areas of greatest risk are receiving adequate attention.”