Intel Security study reveals huge disconnect between IT execs and staff about cybersecurity strategy

07 Mar 17

Intel Security and the Centre for Strategic and International Studies (CSIS) say there is still a mismatch between the IT professionals whose job it is to defend against cyber attacks and the attackers who carry them out.

The two organisations released a study of 800 security professionals, titled ‘Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity’.

The report showed that while 92% of Australian organisations have a cybersecurity strategy, only 42% have fully implemented it.

This is lower than the global average, where 93% of organisations have a strategy and 49% have implemented it.

However, the disconnect is pronounced between IT executives and staff: the study found that 60% of IT execs think their strategy is fully implemented, compared to only 30% of IT staff.

Intel and CSIS believe that the misalignments between IT executives and operators over success, and between strategy and implementation, are both leaving organisations vulnerable to attacks.

“Cybercriminals have a clear financial incentive for their work and are rewarded for innovation and the sharing of information and workings,” comments Intel Security APAC VP, Daryush Ashjari.

“The price of cybercrime is reason enough to learn from the way cybercriminals work and introduce direct incentives for employees as well as increased transparency within businesses. In turn, this will help to increase responsiveness to cyber attacks and ensure that businesses are as nimble and agile as the criminals they seek to apprehend,” Ashjari continues.

In addition, 56% of those surveyed said their role ‘lacks incentive’, and 60% believe their organisation is more concerned about reputation than security itself. However, 65% are personally motivated to strengthen their organisation’s security.

Non-executives are also more likely to see shortfalls in funding and staffing as barriers to implementing their cybersecurity strategy.

95% of respondents had experienced security breach effects, including loss of IP, disruption of operations, harm to reputation and company brand. However, only 32% report experiencing revenue or profit loss, leading to a false sense of security.

The government sector was least likely to have a fully-implemented cybersecurity strategy (38%).

“It’s easy to come up with a strategy, but execution is tough. How governments and companies address their misaligned incentives will dictate the effectiveness of their cybersecurity programs. It’s not a matter of ‘what’ needs to be done, but rather determining ‘why’ it’s not getting done, and ‘how’ to do it better,” says Denise Zheng, director and senior fellow, technology policy program at CSIS.

As a result, cybercriminals are operating in a ‘dynamic’ marketplace, while organisations are caught up in bureaucratic hierarchies. 
