Disconnects don’t work for bridges, and they don’t work for IT security either. However they exist in enterprises nonetheless.
According to a new study from the Ponemon Institute, IT security and IT leaders and their staff do not see eye to eye on security objectives. In a survey of 1,825 IT professionals commissioned by Dell SecureWorks, more than 50 percent of the respondents said their organization’s board of directors and C-level executives are frequently not briefed or given the necessary information to make informed budgeting decisions regarding security priorities and investments.
“Organizations cannot expect to successfully combat today’s increasing cyber threats If important stakeholders, such as the C-level executives and board members, are not adequately informed about their organization’s security strategy, challenges and goals,” said Kevin Hanes, executive director of security and risk consulting for Dell SecureWorks, in a statement.
The survey also found that 58 percent of the study’s respondents either did not think or were unsure if their organization had the necessary resources to achieve compliance with security standards and laws.
“What is especially worrying about this response is that not only does non-compliance put organizations at risk for legal action and fines, but even organizations which have achieved compliance, can many times still be compromised,” Hanes added.
Seventy-two percent of security and IT leaders believe it is most important to find ways to improve the organization’s security posture, while 83 percent of staff cited the minimization of downtime as the primary security objective.
When asked about the most serious security threats, security and IT leaders called third-party mistakes – such as missteps by cloud providers – a bigger threat (49 percent) than negligent insiders (37 percent). Meanwhile, IT staff members classified unsecure Web applications and negligent insiders as more serious threats.
“The differing security views and priorities between the security and IT leaders and their staff members signals a serious misalignment between the two groups,” said Hanes. “Every member of an organization’s…IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
