
Intel Security study reveals huge disconnect between IT execs and staff about cybersecurity strategy

07 Mar 2017

Intel Security and the Centre for Strategic and International Studies (CSIS) say there’s still a mismatch between the IT professionals whose job it is to defend against cyber attacks and the attackers who enact them.

The two companies released a study of 800 security professionals, titled ‘Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity’.

The report showed that while 92% of Australian organisations have a cybersecurity strategy, only 42% have fully implemented it.

This is lower than the global average, where 93% of organisations have a strategy and 49% have implemented it.

However, the disconnect is pronounced between IT executives and staff: the study found that 60% of IT execs think their strategy is fully implemented, compared to only 30% of IT staff.

Intel and CSIS believe the misalignment of success between IT executives and operators, as well as the misalignment between strategy and implementation, are both leaving organisations vulnerable to attacks.

“Cybercriminals have a clear financial incentive for their work and are rewarded for innovation and the sharing of information and workings,” comments Intel Security APAC VP, Daryush Ashjari.

“The price of cybercrime is reason enough to learn from the way cybercriminals work and introduce direct incentives for employees as well as increased transparency within businesses. In turn, this will help to increase responsiveness to cyber attacks and ensure that businesses are as nimble and agile as the criminals they seek to apprehend,” Ashjari continues.

In addition, 56% of those surveyed said their role ‘lacks incentive’, and 60% believe their organisation is more concerned about reputation than security itself. However, 65% are personally motivated to strengthen their organisation’s security.

Non-executives are also more likely to see shortfalls in funding and staffing as barriers to implementing their cybersecurity strategy.

95% of respondents had experienced security breach effects, including loss of IP, disruption of operations, and harm to reputation and company brand. However, only 32% report experiencing revenue or profit loss, leading to a false sense of security.

The government sector was least likely to have a fully-implemented cybersecurity strategy (38%).

“It’s easy to come up with a strategy, but execution is tough. How governments and companies address their misaligned incentives will dictate the effectiveness of their cybersecurity programs. It’s not a matter of ‘what’ needs to be done, but rather determining ‘why’ it’s not getting done, and ‘how’ to do it better,” says Denise Zheng, director and senior fellow, technology policy program at CSIS.

As a result, cybercriminals are operating in a ‘dynamic’ marketplace, while organisations are caught up in bureaucratic hierarchies. 
