Intel Security study reveals huge disconnect between IT execs and staff about cybersecurity strategy

07 Mar 2017

Intel Security and the Centre for Strategic and International Studies (CSIS) say there’s still a mismatch between the IT professionals whose job it is to defend against cyber attacks and the attackers who carry them out.

The two companies released a study of 800 security professionals, titled ‘Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity’.

The report showed that while 92% of Australian organisations have a cybersecurity strategy, only 42% have fully implemented it.

This is lower than the global average of 93% of organisations having a strategy, with 49% implementing it.

However, the disconnect between IT executives and staff is pronounced: the study found that 60% of IT execs think their strategy is fully implemented, compared to only 30% of IT staff.

Intel and CSIS believe that the misalignment of success between IT executives and operators, as well as the misalignment between strategy and implementation, are both leaving organisations vulnerable to attacks.

“Cybercriminals have a clear financial incentive for their work and are rewarded for innovation and the sharing of information and workings,” comments Intel Security APAC VP, Daryush Ashjari.

“The price of cybercrime is reason enough to learn from the way cybercriminals work and introduce direct incentives for employees as well as increased transparency within businesses. In turn, this will help to increase responsiveness to cyber attacks and ensure that businesses are as nimble and agile as the criminals they seek to apprehend,” Ashjari continues.

In addition, 56% of those surveyed said their role ‘lacks incentive’, and 60% believe their organisation is more concerned about reputation than security itself. However, 65% are personally motivated to strengthen their organisation’s security.

Non-executives are also more likely to see shortfalls in funding and staffing as barriers to implementing their cybersecurity strategy.

95% of respondents had experienced security breach effects, including loss of IP, disruption of operations, harm to reputation and company brand. However, only 32% report experiencing revenue or profit loss, leading to a false sense of security.

The government sector was least likely to have a fully-implemented cybersecurity strategy (38%).

“It’s easy to come up with a strategy, but execution is tough. How governments and companies address their misaligned incentives will dictate the effectiveness of their cybersecurity programs. It’s not a matter of ‘what’ needs to be done, but rather determining ‘why’ it’s not getting done, and ‘how’ to do it better,” says Denise Zheng, director and senior fellow, technology policy program at CSIS.

As a result, cybercriminals are operating in a ‘dynamic’ marketplace, while organisations are caught up in bureaucratic hierarchies. 
