Survey: execs clueless, security pros unsure in fighting cyberattacks

IT security pros lack confidence in preventing cyberattackers from stealing high-value data and say upper management lacks an understanding of the potential losses, a global study shows.

The findings of the survey, sponsored by Websense and conducted by the Ponemon Institute, point less to a need for technology and more to a lack of shared intelligence on cyberthreats and poor communications between security pros, CEOs and board-level executives, Jeff Debrosse, director of security research for Websense, said Tuesday.

The survey of nearly 5,000 IT security pros in 15 countries, including the U.S., found roughly six in 10 convinced the organizations they worked for were not adequately protected against advanced cyberattacks. About the same percentage felt the same when it came to stopping the theft of confidential data.

The lack of confidence is expected, given that no security products are capable of building an impenetrable wall against attacks, Debrosse said. To bolster confidence, security pros should share attack intelligence to get a better understanding of their foes and how to defend against them.

"We can get a lot better at what we do once we start to formalize and come up with an acceptable vetting process to share information between organizations," Debrosse said.

Progress towards more information sharing between organizations has been slow, due to fears that rivals would use the data for competitive advantage, experts say. Companies often require layers of non-disclosure agreements that hamper efforts.

Government information is also hard to get due to fears of compromising national security.

Most private data shared today is between large organizations within single industries. In 2013, President Barack Obama issued an executive order requiring federal agencies to share more information with critical infrastructure owners and operators. Efforts in that area are ongoing.

As to the relationship between a company's leaders and security pros, eight in 10 of the latter believe upper executives do not equate losing confidential data with lost revenue, the survey found.

Other recent Ponemon research has found that the average cost of a data breach within an organization is $5.4 million. But despite that potential loss, nearly half of survey respondents said board-level executives had a "sub-par understanding of security issues."

Executives often do not have a grasp on the state of defenses in an organization because security pros will describe problems in esoteric terms, Debrosse said. Security techs also tend to have "a bias that if you don't speak my techno-lingo, you must not be bright."

To clear this hurdle, both sides have to take into account each other's expertise in solving security problems. Executives have to get a fuller understanding of the risks associated with cyberattacks, and security pros need to focus on the cost-effectiveness of the approaches they take in locking down data.
