Application Vulnerabilities, Mobile Devices Top List of Executive Security Concerns

The (ISC)² security professional association released a new survey showing that C-level executives consider application vulnerabilities and mobile devices to be the biggest threats to security.

In a new study entitled ‘The View from the Top: The 2013 Global Information Security Workforce Study CXO Report’, 72 percent of the executives named application vulnerabilities as the chief threat to the security of enterprise data – a situation they say is complicated by the fact that the demands of their organizations make it difficult to develop and implement best practices around app security.

“It could likely be that the predominant approach to mitigating the risk associated with application vulnerabilities is reactive – detect when an exploit is occurring (e.g., the exfiltration of sensitive data) rather than discover and fix vulnerable code before the code is placed in operation,” the report’s authors speculated. “This conclusion is consistent with the previously stated security technology spending that is, technologies designed to detect anomalous behaviors.”

The next biggest worry to executives was mobile devices, with 70 percent of the 1,634 respondents citing them as a concern. Despite this – or perhaps because of it – many reported they had not successfully implemented mobile security policies and programs.

“Security executives are faced with so many conflicting priorities and pressures that their decision making has become very stressful,” said W. Hord Tipton, CISSP, CISA, executive director of (ISC)², in a statement. “This study demonstrates that many of today’s C-level executives find themselves in constant security catch-22s. They are frequently faced with conundrums in which there is no single answer, underscoring why enterprise security is so difficult to attain in today’s complex threat environment.”

The majority of the executives (77 percent in government and 63 percent in the private sector) feel they have too few people on their IT security staffs, with 61 percent citing business conditions as the main obstacle keeping them from hiring more employees. Despite this, 39 percent said they were planning to increase their spending on technology in the next year as opposed to staffing (35 percent).

The data was collected as part of the group’s sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton and analyst firm Frost & Sullivan.  

“It is clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions,” commented William Stewart, senior vice president at Booz Allen Hamilton, in a statement. “One of the biggest obstacles security departments face is the dynamic interplay between an organization’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritizing critical assets, closely collaborating with the other organizational leadership and conducting thoughtful and forward-looking threat analysis.”
