Disconnects don’t work for bridges, and they don’t work for IT security either. However they exist in enterprises nonetheless.
According to a new study from the Ponemon Institute, IT security and IT leaders and their staff do not see eye to eye on security objectives. In a survey of 1,825 IT professionals commissioned by Dell SecureWorks, more than 50 percent of the respondents said their organization’s board of directors and C-level executives are frequently not briefed or given the necessary information to make informed budgeting decisions regarding security priorities and investments.
“Organizations cannot expect to successfully combat today’s increasing cyber threats If important stakeholders, such as the C-level executives and board members, are not adequately informed about their organization’s security strategy, challenges and goals,” said Kevin Hanes, executive director of security and risk consulting for Dell SecureWorks, in a statement.
The survey also found that 58 percent of the study’s respondents either did not think or were unsure if their organization had the necessary resources to achieve compliance with security standards and laws.
“What is especially worrying about this response is that not only does non-compliance put organizations at risk for legal action and fines, but even organizations which have achieved compliance, can many times still be compromised,” Hanes added.
Seventy-two percent of security and IT leaders believe it is most important to find ways to improve the organization’s security posture, while 83 percent of staff cited the minimization of downtime as the primary security objective.
When asked about the most serious security threats, security and IT leaders called third-party mistakes – such as missteps by cloud providers – a bigger threat (49 percent) than negligent insiders (37 percent). Meanwhile, IT staff members classified unsecure Web applications and negligent insiders as more serious threats.
“The differing security views and priorities between the security and IT leaders and their staff members signals a serious misalignment between the two groups,” said Hanes. “Every member of an organization’s…IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Anti-Bot Software Firm DataDome Banks $42M Financing
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Why Endpoint Resilience Matters
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- UK Introduces Mass Surveillance With Online Safety Bill
