Poll Uncovers Gaps In Enterprise Security, Anxiety Amongst Executives
Protecting the perimeter of an enterprise is often a challenging and daunting task.
Despite the rise of managed security services, more rigid firewalls and advances in threat detection and preemptive response, many businesses are still behind the curve.
Come 2018, cyber security will remain a top priority – as large enterprises become targets of continued cyber-assaults. Yet still, there is a disconnect present in the IT field – between the security team and the C-suite executives who have the power to change or enhance a company’s security posture.
Although many IT security professionals recognize the need to be proactive about monitoring the threat landscape and fortifying the network walls, it seems that recognition often doesn’t translate to action.
In a recent survey conducted by the cyber security company CyberArk, 1,300 IT security professionals were quizzed about the strategies in place within their enterprise.
The findings are somewhat troubling.
FierceCEO, which reported the findings, writes that half of polled businesses did not fully inform their customers when their data was tampered with in a cyber-attack.
For enterprises within the EU and those that handle EU citizen data, GDPR will soon enforce strict penalties for lapses like that. (The regulation goes into effect in May 2018.)
What’s more, the survey also found that one-third of respondents did not have proper knowledge of security measures in place (likely their own).
Nearly half (46%) of respondents claimed that their organization would not be able to thwart all attempts to tap into their internal network.
Nearly two-thirds (63%) of business respondents voiced their concern about the enterprise being open to attack. One particular worry: phishing campaigns that target the C-suite.
Despite the concern, 49% of business respondents cited insufficient knowledge about security policies. Meanwhile, 52% said they were unsure of their own role in incident response.
The survey also covered the human element: 42% of line-of-business respondents said they store passwords in a document on their company laptop or PC. Additionally, one-fifth cited recording passwords in paper notebooks or storing them away in filing cabinets.
In terms of privileged access solutions, almost one-third of respondents said they do not use them to both store and manage privileged or administrative passwords.
Despite the apprehension, the survey found that 44% of prospective business partners gauge the security strength of the business before signing on the dotted line.
Over half (51%) of the polled organizations allow third-party vendors to gain remote access to their networks. A subset of this group (23%) fails to monitor the third party’s remote activity.
Adam Bosnian, executive vice president of global business development at CyberArk, spoke to FierceCEO about the findings. “There is work to be done to show a recognition that challenges remain and need to be addressed,” he said.
The findings suggest that while there is more recognition in business settings about the scope and importance of cyber security, there is still not enough action being taken to remedy some of the most glaring cyber issues.
Come 2018, CISOs will likely continue to open a dialogue with boardroom members – outlining the need for cyber practices and resilient infrastructure. Nevertheless, change is often hard to come by. CISOs must continue to hone their business and IT languages, to translate these issues to executives.
These mostly stagnant findings show that despite the fear of cyber-attacks, CEOs and other C-level employees must entertain the possibility of stricter cyber policies moving forward.
The research and advisory firm even listed breach anxiety as a top executive reason for increased cyber spending in the coming year.