Everyone Except Executives and Board Members Sit Down – You Are the Risk
Dark Reading released its annual security white paper, compiled from a poll of 300 IT and security leaders. The findings are not really surprising, but a few tidbits are hard to reconcile. The 2018 Security Survey does require registration, so expect a call from OpenText, the sponsor of the paper.
In a nutshell, the respondents expect to face more data breaches in the new year and believe they are not fully ready to protect themselves from intruders. What are they worried about? Attack volumes, mobile device usage, inefficient patching practices, and poorly implemented security strategies. Now, what I find strange, apart from the attack volumes, is that the rest of the concerns could be solved if the organizations had the desire and wherewithal to address the issues. Guess not.
Another result, which I don’t understand, is that top management support for cybersecurity is declining. Do they not read the news? Every day some poor organization is hacked in some way. Are they just jaded and think this is simply a cost of doing business? Or is it that because they haven’t been attacked they think they are safe and it won’t happen in the future? I just don’t understand. On the other hand, more are buying cybersecurity insurance policies. To me, that’s a cop-out – not that it’s a bad idea, but it is just shifting the blame and putting the reparation into the hands of an insurance company.
OK, much of the rest of the report wasn’t necessarily earthshaking, except for one response, which prompted this blog. The respondents indicated that management doesn’t understand the repercussions of a data breach. This wasn’t just surprising, it was appalling! According to the report, “A quarter of respondents said their top managers don’t really get how breaches might disrupt or even destroy the business, compared with 18 percent who reported a similar lack of comprehension last year. The numbers suggest that top managers are getting worse, not better, at grasping the potential consequences of data breaches.”
In a similar vein, PwC, in its Global State of Information Security Survey (GSISS), reported only 39 percent are very confident of their attribution capabilities — that is, their ability to detect and trace cyberattacks. Who do they say is to blame? The board and the management. Now I ask you, who would be screaming if a breach occurred? You guessed it. Who would be screaming at the cost of remediation, damage – sometimes permanent – to the brand, legal repercussions or noncompliance? Well, I assume you guessed the answer to that too. As an aside, how do I get one of these jobs? According to the report, “trusted, timely, actionable information about cyber threats is a critical enabler for rapid-response capabilities that support resilience.” Couldn’t have said it better myself.
What supports the weight of this endeavor? Selecting the right tools and software that overachieve your objectives. What gets you there? A combination of Concept Searching’s unique ability to automatically generate and classify privacy and sensitive information metadata, resulting in multi-word terms and phrases, along with Netwrix’s real-time capabilities to identify security gaps, respond to attacks, and identify end-user anomalies while they are happening. Oh, did I mention compliance? With the conceptClassifier platform and Netwrix Auditor, we’ve got you covered.
See for yourself – ask for a personal demo.