Cost considerations limiting Australian CSOs' decision-making, but shouldn't be: survey

Australian CSOs' decision-making was driven more by economic conditions in 2013 than any other factor, according to a recent survey that also found bring your own device (BYOD) strategies continue to represent the biggest security headache for information-security executives.

Nearly 45 percent of respondents to the survey, conducted by security vendor WatchGuard Technologies among 186 respondents across Australia and New Zealand, said that economic restrictions influenced their security purchases and strategy.

By contrast, other critical areas – including protection against data loss, damage to company reputation, regulatory compliance and internal policy compliance – were each only nominated by five percent of respondents.

The survey also teased out information about the frequency of regular risk assessments, with 27 percent of organisations conducting their assessments once or twice a year; 20 percent running quarterly or monthly assessments; and 19 percent running tests daily or weekly.

Fully 10 percent of respondents said they test their IT security protection less than once a year.

Regular testing is widely recognised as important to ensuring security protections remain effective despite organisational and technical change – particularly in the context of compliance with standards such as PCI DSS, which will increase the expectations of companies handling credit-card data when its 3.0 iteration is gradually rolled out over the next two years.

Such standards are steadily increasing the need for CSOs to take proactive and regular steps to ensure information-security integrity – with many needing to increase the frequency of their IT policy reviews to ensure they address changing security requirements.

Although 43 percent of respondents run their entire security infrastructure in-house, fully 30 percent of respondents said they only review security policies as needed, with six percent saying they never conduct policy reviews because they have no documented policies to review.

The numbers were even more significant because 18 percent of respondents leave the management of their security equipment to a service provider – an activity that is widely understood to require additional oversight to ensure continuing compliance with regulatory, legislative and best-practice standards.

Given the need to improve overall security protection mechanisms, WatchGuard ANZ regional director Pat Devlin said in a statement that it was “deeply concerning that economic conditions can have such a strong influence over the setting of an organisation's security strategy.”

“While everyone understands that budgets may be tight at times, cost should never be a reason for introducing short cuts when setting security standards,” he continued. “The financial costs and damage to an organisation’s reputation from a single security breach can have a significant and critical long-term impact.”

Changes in CSO behaviour will boost visibility of security initiatives, with WatchGuard going so far as to name 2014 “The Year of Security Visibility” as recent breaches of large organisations' security defences drive them in 2014 to deploy security tools to help identify vulnerabilities and set stronger policies to protect crucial data.

“Outdated legacy defences, misconfigured security controls, and oceans of security logs make it impossible for security professionals to protect their networks and recognise important security events,” the company warned in its list of eight security predictions for the coming year.

Top-level victims, WatchGuard warned, will be targeted through their least-secure links, like partners and contractors – helping reinforce the need for better visibility.

Stories by David Braue
