SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
C-Suite and IT leaders don't see eye-to-eye on security
Mon, 4th Jul 2016
FYI, this story is more than a year old

Further research is proving that Australian businesses don't take cybersecurity seriously enough, with a price tag of $17 billion. The Economist Intelligence Unit (EIU) research, backed by VMware, has found that there is severe misalignment between what IT leaders and executive leaders are thinking.

The Australian Crime Commission estimates the annual direct cost being $1 billion or even as much as $17 billion - 1% of total GDP. Given the high costs and risk, Raymond Maisano, VMWare sales director for software-defined data center (SDDC) believes that while security breaches are inevitable, data center damage can be mitigated through new approaches to IT infrastructure and network management.

“Forward-thinking organisations understand that the reactive security of today is no longer doing its job. They also acknowledge that people and systems can be easily bypassed or blindsided if the business lacks a ubiquitous IT architectural plan that cuts across all levels of compute, network, storage, clouds and devices. By taking a software-defined approach to IT that ensures security is ‘architectured' into everything, these businesses have gained the flexibility required to succeed as a digital business,” says Maisano.

VMWare believes there must be a layer between physical infrastructure and applications, Server virtualisation has been the most common method that covers a variety of bases, including networking, storage, cloud and devices. The EIU research states that 29% of Australian businesses expect to be targeted by a cyber attack in the next 90 days.

"Border-based network security has proven to be somewhat effective, but with more than 70 percent of successful cyber-attackers gaining insider access through lost, stolen or weak credentials, it's clearly not enough. Organisations need to look seriously at how to extend security deeper into the data center, and with VMware's NSX, we can offer a unique security solution at the hypervisor level," says Maisano.

The EIU research, conducted from January to February 2016, surveyed 1100 senior executives in both C-suite and IT roles. Additional information was provided in March, which enabled regional analysis of data security practices in Australia, Japan, China and China.

The EIU research discovered that while 84% of Australian IT leaders said they'd experienced a cyber attack, only 75% of C-suite business leaders indicated so.

In addition, 27% of IT leaders believe cyber security is their number one corporate priority, only 5% of C-suite business leaders thought the same.

Perhaps a telling sign of the mismatch, 19% of C-suite business leaders said their security teams were not effectively communicating cyber security issues to senior management.

Even while 27% of IT leaders believe there will be a significant security budget increase in the next two years, only 13% of C-suite business leaders believe the same, despite indicating that 'underfunded security' is a high risk to their business.

VMware says the discrepancy between both types of executives is worrying as it could eventually lead to the loss of intellectual property, competitive positioning and customer data.

Both groups agreed that critical risks include fast-evolving cyber threats, unsafe data in the cloud, careless employees and unauthorised access to corporate networks.

VMware believes that C-suite and IT leaders need to communicate more about security investment and budgetary decisions.