Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12:44 PM
Connect Directly

Report: IT, Security Departments Not Seeing Eye To Eye On Threats To The Business

While 92 percent of security professionals in new Ponemon-Lumension study say their organization suffered a cyberattack, only 55 percent of IT staffers said the same

A new report underscores a major disconnect between IT and security groups when it comes to what most threatens their organizations.

The Ponemon Institute's 2008 Security Mega Trends Survey, which was commissioned by Lumension, reveals just how far apart IT departments and security groups are when it comes to what they perceive as the biggest threats to their data today and in the next 12 to 24 months. While outsourcing risks are at the top of IT managers' worries, data breaches and cybercrime are the biggest worries for security.

More specifically, half of the IT managers said that outsourcing was a high or very high security risk to their organizations today and in the next one to two years; 44 percent also pointed to data breaches as a comparable risk today, while 40 percent expect them to be so in the next one to two years. Security professionals, meanwhile, ranked data breaches and cybercrime higher: Sixty-six percent consider data breaches high or very high risks today, while 65 percent rank them as such for the next year to two years. In addition, 65 percent say cybercrime is a high or very high risk to their organizations today, while 77 percent say it will be in the next 12 to 24 months. That's in contrast to the IT side, where 47 percent consider it a high risk today, and 49 percent expect that it will be in the next year to two years.

"We see a big disconnect between IT and security in their thoughts about data breaches and how risky that is to a business," says Pat Clawson, CEO of Lumension.

But the most disturbing disconnect was in actual breaches. While 92 percent of security professionals say their organizations had suffered a cyberattack, only 55 percent of IT staffers said the same, while 32 percent said they were uncertain. "That just floored me," Clawson says. "That shows the silos" that still exist, he says.

The two groups were far apart on Web 2.0 threats as well, with only 34 percent of IT saying the use of Web 2.0 will result in the loss of business information (including trade secrets), while 64 percent of IT security said it will. "That's a big delta -- IT is not 'getting' the risk," Clawson says.

Mobile devices is one area where both sides are on the same page, however, with nearly half of each group ranking them as a high or very high risk to the business. "We also think that mobility is dramatically contributing to data loss...mobility and mobile devices were the only area where IT and security got close" in their perceptions, Clawson says.

"The key for both IT operations and IT security is to find the common ground necessary to better wage this security battle together," says Larry Ponemon, chairman and founder of the Ponemon Institute.

Interestingly, both IT and security departments don't rate virtualization as high risk. But about half of each said the biggest danger with virtualizatoin is not being able to identify and authenticate users to multiple systems "and third parties' access to private files without authorization," according to the report.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-10
JBoss KeyCloak: XSS in login-status-iframe.html
PUBLISHED: 2019-12-10
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
PUBLISHED: 2019-12-10
openstack-utils openstack-db has insecure password creation
PUBLISHED: 2019-12-10
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection
PUBLISHED: 2019-12-10
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.