Disconnects don’t work for bridges, and they don’t work for IT security either. However, they exist in enterprises nonetheless.
According to a new study from the Ponemon Institute, IT security and IT leaders and their staff do not see eye to eye on security objectives. In a survey of 1,825 IT professionals commissioned by Dell SecureWorks, more than 50 percent of the respondents said their organization’s board of directors and C-level executives are frequently not briefed or given the necessary information to make informed budgeting decisions regarding security priorities and investments.
“Organizations cannot expect to successfully combat today’s increasing cyber threats if important stakeholders, such as the C-level executives and board members, are not adequately informed about their organization’s security strategy, challenges and goals,” said Kevin Hanes, executive director of security and risk consulting for Dell SecureWorks, in a statement.
The survey also found that 58 percent of the study’s respondents either did not think or were unsure if their organization had the necessary resources to achieve compliance with security standards and laws.
“What is especially worrying about this response is that not only does non-compliance put organizations at risk for legal action and fines, but even organizations which have achieved compliance can many times still be compromised,” Hanes added.
Seventy-two percent of security and IT leaders believe it is most important to find ways to improve the organization’s security posture, while 83 percent of staff cited the minimization of downtime as the primary security objective.
When asked about the most serious security threats, security and IT leaders called third-party mistakes – such as missteps by cloud providers – a bigger threat (49 percent) than negligent insiders (37 percent). Meanwhile, IT staff members classified unsecure Web applications and negligent insiders as more serious threats.
“The differing security views and priorities between the security and IT leaders and their staff members signal a serious misalignment between the two groups,” said Hanes. “Every member of an organization’s…IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”