PUNE: Better communication and information about cyber security, right investment in skilled personnel and enabling technologies together with adoption of security measures will minimize the risk of current and emerging cyber threats, says a Websense - Ponemon Institute US report.
The report: "Exposing the Cyber security Cracks: Roadblocks, Refresh and Raising the Human Security IQ," has focused on challenges IT executives face in dealing with cyber risks, amid communication issues between IT security professionals and executives, a desire to overhaul current security systems and limited security knowledge among executives and employees.
The findings assume importance in the wake of rise in data thefts and the eventual financial losses suffered by customers of different business organizations such as banks that are encouraging use of IT and mobile technology driven services.
Based on a survey of nearly 5,000 global IT security professionals (including 545 in India), the report reveals a knowledge and resource gap in the enterprise - leading to an increased level of vulnerability and risk of data security breaches.
Web sense, Inc. is engaged in protecting organizations from cyber attacks and data theft while Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government.
Globally, 29% of respondents would do a complete overhaul of their current enterprise security system if they had the resources and opportunity, the survey showed. It said nearly half (47%) the respondents felt frequently disappointed with the level of protection a security solution they had procured while only 12% had never been disappointed in their security solutions.
The report indicated that advanced persistent threats (APTs) and data exfiltration attacks rank among top fears for IT security professionals and 56% believed a data breach would trigger a change of security vendors. Encouragingly, 49% say they are planning to make significant investments and adjustments to their cyber security defenses in the next 12 months.
Despite these concerns, a high 52% of companies do not provide cyber security education to their employees and less than half (42%) the employees have undergone a cyber threat modelling process in their present role, the report says, adding that of those that did, nearly all, (94%) found it to be important in terms of managing their cyber risk.
"Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals," said Larry Ponemon, chairman and founder of the Ponemon Institute. "These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future," he added.
Communication roadblocks are barriers to reducing the risk of a cyber attack, the survey said highlighting that 25% of cyber security teams never speak with their executive team about cyber security. Of those that did, 25% speak once a year and 18% speak twice while only one percent spoke weekly.
Creating higher awareness among employee about IT threats and investing in training to help them combat such threats however seems to be a low priority for organizations the survey noted. Only 32% of respondents believe their company is investing enough in skilled personnel and technologies to be effective in executing its cyber security objectives or mission. In fact, 45% of companies represented in the research do not provide cyber security education to their employees, the survey revealed.
Cyber law expert Vaishali Bhagwat told ToI that the human dimension in information security is almost ignored, yet the first to be blamed in case of a security breach incident. "Organisations run security awareness programmes to demonstrate compliance rather than deliver genuine behavior change in end users," Bhagwat said. "Security is never baked in as it is nobody's priority. In a market that is kind to the one who reaches there first, security is bound to go on the back burner unless some sanctions are imposed on organisations that release insecure products," Bhagwat said, adding, "Technology is pushed on to users without giving due consideration to human behavior and no significant efforts are being made to change human behavior so that it readily absorbs new technology to ensure its appropriate use."
"This Ponemon Institute security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cyber criminals to attack organizations across the globe," said John McCormack, Websense chief executive officer. "It's not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft."
Source: Secondary
