Story image

C-Suite and IT leaders don't see eye-to-eye on security

04 Jul 2016

Further research is proving that Australian businesses don't take cybersecurity seriously enough, with a price tag of $17 billion. The Economist Intelligence Unit (EIU) research, backed by VMware, has found that there is severe misalignment between what IT leaders and executive leaders are thinking.

The Australian Crime Commission estimates the annual direct cost being $1 billion or even as much as $17 billion - 1% of total GDP. Given the high costs and risk, Raymond Maisano, VMWare sales director for software-defined data centre (SDDC) believes that while security breaches are inevitable, data centre damage can be mitigated through new approaches to IT infrastructure and network management.

“Forward-thinking organisations understand that the reactive security of today is no longer doing its job. They also acknowledge that people and systems can be easily bypassed or blindsided if the business lacks a ubiquitous IT architectural plan that cuts across all levels of compute, network, storage, clouds and devices. By taking a software-defined approach to IT that ensures security is ‘architectured’ into everything, these businesses have gained the flexibility required to succeed as a digital business,” says Maisano.

VMWare believes there must be a layer between physical infrastructure and applications, Server virtualisation has been the most common method that covers a variety of bases, including networking, storage, cloud and devices. The EIU research states that 29% of Australian businesses expect to be targeted by a cyber attack in the next 90 days.

"Border-based network security has proven to be somewhat effective, but with more than 70 percent of successful cyber-attackers gaining insider access through lost, stolen or weak credentials, it’s clearly not enough. Organisations need to look seriously at how to extend security deeper into the data centre, and with VMware’s NSX, we can offer a unique security solution at the hypervisor level," says Maisano.

The EIU research, conducted from January to February 2016, surveyed 1100 senior executives in both C-suite and IT roles. Additional information was provided in March, which enabled regional analysis of data security practices in Australia, Japan, China and China.

The EIU research discovered that while 84% of Australian IT leaders said they'd experienced a cyber attack, only 75% of C-suite business leaders indicated so.

In addition, 27% of IT leaders believe cyber security is their number one corporate priority, only 5% of C-suite business leaders thought the same.

Perhaps a telling sign of the mismatch, 19% of C-suite business leaders said their security teams were not effectively communicating cyber security issues to senior management.

Even while 27% of IT leaders believe there will be a significant security budget increase in the next two years, only 13% of C-suite business leaders believe the same, despite indicating that 'underfunded security' is a high risk to their business.

VMware says the discrepancy between both types of executives is worrying as it could eventually lead to the loss of intellectual property, competitive positioning and customer data.

Both groups agreed that critical risks include fast-evolving cyber threats, unsafe data in the cloud, careless employees and unauthorised access to corporate networks.

VMware believes that C-suite and IT leaders need to communicate more about security investment and budgetary decisions.

Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.