7/17/2014
05:00 PM
Dark Reading
Products and Releases

Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity

New Ponemon Institute survey uncovers communication roadblocks, inefficient security systems and lack of security education for employees

AUSTIN—July 17, 2014 — Today, Websense, Inc. released new findings from the global Ponemon Institute survey, “Roadblocks, Refresh, & Raising the Human Security IQ,” which uncovered the communication challenges between IT security professionals and executives, a desire to overhaul current security systems and limited security knowledge among executives and employees. The survey of nearly 5,000 global IT security professionals reveals a knowledge and resource gap in the enterprise, leading to an increased level of vulnerability and risk of data security breaches.

“This Ponemon Institute security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe,” said John McCormack, Websense CEO. “It’s not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.”

The “Roadblocks, Refresh, & Raising the Human Security IQ” report surveyed IT security practitioners with an average of 10 years’ experience in the field from 15 countries: Australia, Brazil, Canada, China, France, Germany, Hong Kong, India, Italy, Mexico, the Netherlands, Singapore, Sweden, United Kingdom and the United States. Findings reveal a global consensus that organizations must fix the communication gap between the security and executive teams to protect against advanced, data-stealing attacks.

Communication Roadblocks between Security Professionals and Executives:

· Thirty-one percent of cyber security teams never speak with their executive team about cyber security.

· Of those that did, nearly a quarter (23 percent) spoke just annually, with a further 19 percent semi-annually. Only eleven percent spoke with them quarterly and one percent spoke weekly.

· Only thirty-eight percent believe their companies invest enough in skilled personnel and technologies to be effective in executing against their company’s cyber security objectives and mission.

Security Teams Call for a Complete Security System Refresh:

· Twenty-nine percent of respondents would do a complete overhaul of their current enterprise security system if they had the resources and opportunity.

· Nearly half (47 percent) felt frequently disappointed with the level of protection a security solution they had procured ended up offering them. Only 12% had never been disappointed in their security solutions.

· Fifty-six percent believe a data breach would trigger a change of security vendors.

· APTs and data exfiltration attacks rank as the top fears for IT security professionals.

· Encouragingly, 49 percent say they are planning on making significant investments and adjustments to their cyber security defences during the next 12 months.

Raising the Human Security IQ:

· Fifty-two percent of companies do not provide cybersecurity education to their employees, with only 4 percent planning to do so in the next 12 months.

· Under half (42 percent) had undergone a cyber threat modelling process in their present role. Of those that did, nearly all (94 percent) found it to be important in terms of managing their cyber risk.

· Security professionals feel the top three events that would compel executive teams to allocate more money to cyber security initiatives are: exfiltration of intellectual property (67 percent), data breach involving customer data (53 percent) and loss of revenues because of system downtime (49 percent).

“Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future.”

In addition to the survey results, the report also includes conclusions drawn from the data and recommendations for addressing the gaps in security technology, communication and education. A full copy of the report, including survey methodology, consolidated results and individual response rates by country is available here. 

To learn how Websense provides the industry's most advanced threat identification capabilities please visit www.websense.com/triton. 

About Websense, Inc.

Websense, Inc. is a global leader in protecting organizations from the latest cyber attacks and data theft. Websense TRITON comprehensive security solutions unify web security, email security, mobile security and data loss prevention (DLP) at the lowest total cost of ownership. More than 11,000 enterprises rely on Websense TRITON security intelligence to stop advanced persistent threats, targeted attacks and evolving malware. Websense prevents data breaches, intellectual property theft and enforces security compliance and best practices. A global network of channel partners distributes scalable, unified appliance- and cloud-based Websense TRITON solutions.

Websense TRITON stops more threats; visit www.websense.com/proveit to see proof. To access the latest Websense security insights and connect through social media, please visit www.websense.com/smc. For more information, visit www.websense.com and www.websense.com/triton.

 

About Ponemon Institute

Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit http://www.ponemon.org. 

###

 

MATTHEW MORS

Public relations


WEBSENSE, INC.
ph: +1.206.992.7518
www.websense.com
