The (ISC)² security professional association released a new survey showing that C-level executives consider application vulnerabilities and mobile devices the biggest threats to security.
In a new study entitled ‘The View from the Top: The 2013 Global Information Security Workforce Study CXO Report’, 72 percent of the executives named application vulnerabilities as the chief threat to the security of enterprise data – a situation they say is complicated by the fact that the demands of their organization make it difficult to develop and implement best practices around app security.
“It could likely be that the predominant approach to mitigating the risk associated with application vulnerabilities is reactive – detect when an exploit is occurring (e.g., the exfiltration of sensitive data) rather than discover and fix vulnerable code before the code is placed in operation,” the report’s authors speculated. “This conclusion is consistent with the previously stated security technology spending that is, technologies designed to detect anomalous behaviors.”
The next biggest worry to executives was mobile devices, with 70 percent of the 1,634 respondents citing them as a concern. Despite this – or perhaps because of it – many reported they had not successfully implemented mobile security policies and programs.
“Security executives are faced with so many conflicting priorities and pressures that their decision making has become very stressful,” said W. Hord Tipton, CISSP, CISA, executive director of (ISC)², in a statement. “This study demonstrates that many of today’s C-level executives find themselves in constant security catch-22s. They are frequently faced with conundrums in which there is no single answer, underscoring why enterprise security is so difficult to attain in today’s complex threat environment.”
The majority of the executives (77 percent in government and 63 percent in the private sector) feel they have too few people on their IT security staffs, with 61 percent citing business conditions as the main obstacle keeping them from hiring more employees. Despite this, 39 percent said they were planning to increase their spending on technology in the next year as opposed to staffing (35 percent).
The data was collected as part of the group’s sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton and analyst firm Frost & Sullivan.
“It is clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions,” commented William Stewart, senior vice president at Booz Allen Hamilton, in a statement. “One of the biggest obstacles security departments face is the dynamic interplay between an organization’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritizing critical assets, closely collaborating with the other organizational leadership and conducting thoughtful and forward-looking threat analysis.”