Attacks/Breaches

1/24/2019
01:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Overlooked and Underappreciated? IT Security Professionals are Suffering from an Image Problem

New Research from Thycotic reveals IT security professionals feel they're seen as the 'doom mongers' or a 'necessary evil' by employees

London, January 24, 2019 – The majority of UK IT security professionals feel they’re suffering from an image problem amongst fellow workers, according to new research commissioned byThycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organisations worldwide.  Nearly two thirds of respondents (63%) feel that their security teams are either viewed as the company naysayers – specifically either ‘doom mongers’ or a ‘necessary evil’ (36%). Also, 27% of respondents said company security and security professionals are just something that runs in the background which employees don’t really notice.

The research, which was conducted with 100 IT security decision makers within the UK, revealed that more than a third of respondents (38%) believe that they’re viewed as the ‘policemen.’ Worryingly, when asked if they’d ever experienced negativity towards their team and their work, 13% said this happens ‘all the time.’

Almost three quarters (74%) of security professionals reported negativity or indifference regarding the introduction of new security measures and policies: with employees believing it will hamper their work (35%), or barely noticing them (39%).  

Security professionals are also struggling to promote their value to other departments in the business. The overwhelming majority of them (90%) believe that other departments could have a better understanding of what they’re trying to achieve, whilst an equally high majority (88%) feel that it could be easier to communicate their views to executive management in other functions such as HR and Finance.

 

Execs feel board perceives them as functional, not a force for competitive advantage

When it comes to how they’re perceived by the C-suite, there are further challenges: 56% feel that they’re restricted by the board, which may be accounted for by the fact that only 41% of organisations have a CISO in place on the board.  Whilst the security team can be instrumental in business transformation, only 44% believe that the C-suite sees them as a positive force for innovation and just one in 10 respondents (13%) believe that the board sees them as helping the company to gain a competitive advantage. 

 

It also suggests that boards may be paying lip service to IT security teams, as there is a disparity between what the board says and how this translates into investment.While 87% of security professionals believe that the board listens to them and values their input, a considerable proportion (62%) believe that the board can’t always see the business case for security investments. 

Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic notes, “At a time when security teams are under huge pressure and play an increasingly strategic role within the company, it’s disappointing that they’re not feeling valued either by their co-workers or by senior executives. The fact that negative opinions are rife amongst employees also suggests that security teams need to work harder to communicate the strategic importance of their roles to the business and reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly.”

 

He continues: “Clearly instrumental in this will be achieving a greater representation of CISOs at board level and improving cross-departmental communications.”  

 

For more information please go to:  https://thycotic.com/resources/cyber-security-executives-survey-report-europe/.

 

 

Research Methodology

Thycotic, commissioned independent market research specialist Vanson Bourne to undertake research. Vanson Bourne interviewed 200 IT security decision-makers in November 2018 on the position and reputation of IT security departments in companies.

 

The sample was comprised of 100 respondents in Germany and 100 in the UK with at least 1,000 employees or more from a range of private and public sectors. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.

 

Results referenced above all refer to UK respondents only.  

 

 

About Thycotic

Thycotic is the leading provider of cloud-ready privilege management solutions. Thycotic's security tools empower over 10,000 organizations, from small businesses to the Fortune 500, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating dependency on overly complex security tools and prioritizing productivity, flexibility and control. Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia. For more information, please visit www.thycotic.com.

 

 

For further information, please contact:

 

Media Contact

Kirsten Scott/Kelly Friend/Barry Salmon

[email protected]

éclat Marketing

+44 1276 486000

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6485
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
CVE-2019-9020
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
CVE-2019-9021
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
CVE-2019-9022
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
CVE-2019-9023
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...