
6/9/2015
10:20 AM
Dark Reading
Products and Releases

Dell SecureWorks and Ponemon Institute Present the 2015 Global IT Security Spending & Investments Report

ATLANTA, June 8, 2015 -- According to findings from a new global Ponemon study, “2015 Global IT Security Spending & Investments,” IT security and IT leaders and their staff members do not agree on security objectives. The study, commissioned by information security leader Dell SecureWorks, surveyed 1,825 IT security and IT leaders and their staff. The participants were based in 42 countries in the following regions: North America, Europe, Middle East, Africa, Asia Pacific, Japan and Latin America. The study’s objective was to determine the key influencers that are driving security budgets and technology purchases.

One of the key findings from the study was that more than 50 percent of the respondents surveyed stated that their organization’s board of directors and C-Level executives are frequently not briefed, nor are they given the necessary information to make informed budgeting decisions regarding security priorities and the investments in technology and personnel required.

“Organizations cannot expect to successfully combat today’s increasing cyber threats if important stakeholders, such as the C-level executives and board members, are not adequately informed about their organization’s security strategy, challenges and goals,” said Kevin Hanes, executive director of Security and Risk Consulting for Dell SecureWorks.

Another alarming finding was that 58 percent of the study’s respondents said they did not think or were unsure if their organization possessed sufficient resources to achieve compliance with security standards and laws.  

“What is especially worrying about this response is that not only does non-compliance put organizations at risk for legal action and fines, but even organizations which have achieved compliance can many times still be compromised,” said Hanes. “This is why Dell SecureWorks always advises its clients to build and maintain a robust, layered security program, so as to ensure a strong security stance and meet its compliance requirements.”

An additional finding of note is that the security views and priorities held by the Security and IT leaders were in stark contrast to their staff members’ views and priorities. Here are some of the responses:

· Security and IT leaders believe it is most important to pursue improvement in the organization’s security posture (72 percent of respondents), while security and IT staff members see the minimization of downtime as the primary security objective (83 percent of staff respondents).

· Security and IT leaders view third-party mistakes, including those made by cloud providers, as a more serious cyber threat (49 percent of leader respondents) than negligent insiders (37 percent of leader respondents), while security and IT staff members consider insecure Web applications and negligent insiders as more serious threats (57 and 56 percent of staff respondents, respectively).

“The differing security views and priorities between the Security and IT leaders and their staff members signal a serious misalignment between the two groups,” said Hanes. “Every member of an organization’s Security IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”

“I found the responses in our ‘2015 Global Study on IT Security Spending & Investments’ surprising and enlightening,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “I hope IT Security and IT leaders and their staff, as well as C-level executives and board of directors, read this report and reevaluate their security programs to ensure that there is a thorough understanding and consensus among them as to their organization’s security challenges and objectives.”

To download the complete Ponemon report:  “2015 Global Study on IT Security Spending & Investments,” please click here: http://www.secureworks.com/resources/articles/featured_articles/report-global-it-security-spending-investments

 

About Ponemon Institute
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world.  Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.

About Dell SecureWorks

Dell Inc. listens to clients and delivers innovative technology and services that give them the power to do more. Recognized as an industry leader by top analysts, Dell SecureWorks provides world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs. For more information, visit www.secureworks.com.

 

 
