04:40 PM
Dark Reading
Products and Releases

Security Pros @ Black Hat Say C-Suite Has "Head in the Sand," Not Paranoid Enough

Survey Conducted During BSides Conference at Black Hat Includes Responses from Senior Security Executives at Fortune 1000 Companies

SEATTLE, WA – August 27, 2015 – DomainTools, the leader in domain name and DNS research, today released its first annual BSides survey revealing that 35 percent of security experts believe leadership within their organization lacks a “healthy paranoia,” with 21 percent of leadership “relying on hope as a strategy” to avoid a cyber security breach. Conducted live during the week of Black Hat, the findings indicate that nearly half of those polled worry that the DNA of their organization is not security-driven, citing a “lack of situational awareness” within the company. Not surprisingly, the number one complaint was that the leadership team was making decisions without involving the security team – those closest to the risk.

The DomainTools survey validated that budgets are not keeping pace with the acceleration of cyberthreats, with nearly half (47 percent) of respondents stating their budgets were inadequate for the task at hand and two-thirds of the remaining group stating a desire for more funding above the current “acceptable” levels. These findings mirror a recent PwC 2015 Global State of Information Security Report, which indicated that although cyber security incidents have increased by 66 percent year-over-year since 2009 and are costing 34 percent more in financial loss since 2013, security budgets have declined 4 percent.

Other key findings of the survey include:

● 40 percent believe infrastructure and tools are an overlooked priority at their company.

● 58 percent of security experts cited a lack of security-focused education within the organization as a top concern.

● Nearly one third of security executives are concerned that leadership views security as an “IT problem”, reinforcing a siloed mentality.

● 40 percent of security executives believe leadership is starving the security team of resources due in part to the unwillingness to understand how key security initiatives can be used to mitigate potential breaches.

“Despite the general increased awareness about security breaches within the public domain, we were surprised that nearly half of security executives felt their organization lacked a security-centric DNA,” said Tim Chen, CEO of DomainTools. “As we have seen with great clarity over the last 12-24 months, safety of a company's employees, customers and brand all run through the security organization whether a CEO prefers that or not.”

The DomainTools survey was conducted live at the BSides Las Vegas conference during Black Hat and is comprised of over 50 interviews from top security executives at Fortune 1000 companies across all major industry groups. For more information on DomainTools, please visit www.domaintools.com.

About DomainTools®

DomainTools is the leader in domain name and DNS-based cyber threat intelligence. With over 14 years of ‘cyber fingerprint’ data across the global Internet, DomainTools helps companies assess security threats, profile attackers, investigate online fraud and crimes, and map cyber activity in order to stop attacks. Fortune 1000 companies, global government agencies, and many security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on criminal activity at http://www.domaintools.com or follow us on Twitter: @domaintools.


