If security is only as strong as the weakest link in the chain, the part of the chain linking the office of the chief executive officer to the chief information security officer appears to have a gap in it.
This is according to new research from CORE Security. In a survey of 100 CEOs and 100 CISOs, the company found that 36 percent of the CEOs said the CISO never reports to them on the state of IT infrastructure security. Some 27 percent said they receive updates on a somewhat regular basis.
“CEOs are looking at the issue of security in business terms while the Chief Security Officer is looking at it in technical terms,” Mark Hatton, CEO at CORE Security, told SecurityWeek. “Security protection is often viewed as an expense, not something that can save your business from being hijacked, extremely embarrassed or devalued – or even something that can get them fired. At the same time, CISOs are often ill-equipped to explain this to their CEOs in part because they frequently don’t know themselves how to process the data that they have.”
Additionally, while more than 60 percent of CISOs said they were very concerned about their IT systems experiencing a breach, only 15 percent of CEOs were very concerned about their network being attacked. Sixty-five percent of CEOs confessed to not having the data needed to interpret how security threats translate to overall business risk.
“These results should be a wakeup call for every organization to demand better alignment between the executives charged with protecting their most vital assets,” said Patricia Foye, senior vice president of marketing at CORE Security, in a statement. “The idea that there are such disparate views on the crucial threats facing the company between two members of an executive team is discouraging to say the least. CEOs need to bring their security teams into the mainstream of day-to-day operations. Security and continual risk assessment should be woven into the fabric of operational reviews and should be an agenda item at the Board of Director level.”
