SecurityWeek

Application Vulnerabilities, Mobile Devices Top List of Executive Security Concerns

The (ISC)² security professional association released a new survey showing that C-level executives consider application vulnerabilities and mobile devices the biggest threats to security.

In a new study entitled ‘The View from the Top: The 2013 Global Information Security Workforce Study CXO Report’, 72 percent of the executives named application vulnerabilities as the chief threat to the security of enterprise data – a situation they say is made harder by the fact that the demands of their organizations make it difficult to develop and implement best practices around app security.

“It could likely be that the predominant approach to mitigating the risk associated with application vulnerabilities is reactive – detect when an exploit is occurring (e.g., the exfiltration of sensitive data) rather than discover and fix vulnerable code before the code is placed in operation,” the report’s authors speculated. “This conclusion is consistent with the previously stated security technology spending that is, technologies designed to detect anomalous behaviors.”

The next biggest worry for executives was mobile devices, with 70 percent of the 1,634 respondents citing them as a concern. Despite this – or perhaps because of it – many reported they had not successfully implemented mobile security policies and programs.

“Security executives are faced with so many conflicting priorities and pressures that their decision making has become very stressful,” said W. Hord Tipton, CISSP, CISA, executive director of (ISC)², in a statement. “This study demonstrates that many of today’s C-level executives find themselves in constant security catch-22s. They are frequently faced with conundrums in which there is no single answer, underscoring why enterprise security is so difficult to attain in today’s complex threat environment.”

The majority of the executives (77 percent in government and 63 percent in the private sector) feel they have too few people on their IT security staffs, with 61 percent citing business conditions as the main obstacle keeping them from hiring more employees. Despite this, 39 percent said they were planning to increase their spending on technology in the next year as opposed to staffing (35 percent).

The data was collected as part of the group’s sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton and analyst firm Frost & Sullivan.  

“It is clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions,” commented William Stewart, senior vice president at Booz Allen Hamilton, in a statement. “One of the biggest obstacles security departments face is the dynamic interplay between an organization’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritizing critical assets, closely collaborating with the other organizational leadership and conducting thoughtful and forward-looking threat analysis.”
