Why C-suite expertise does not always translate to InfoSec awareness
Their experience and judgement have led C-suite executives to the head of their organisations, yet according to new research from Bitdefender, these employees are the most likely to expose the company to a major cyberattack.
According to the study, which polled 250 CIOs, CISOs and CSOs, more than two in five (41%) perceive their C-suite colleagues as InfoSec averse. A similar number (42%) say their greatest concern about data breaches is a loss of customer and stakeholder trust, while more than a quarter (26%) say they fear the company being fined by the Information Commissioner’s Office (ICO) or similar.
Three quarters of those polled believe management is the most likely to flout data security rules, compared with the remaining 25% who believe day-to-day knowledge workers are the most averse to InfoSec best practice.
So what needs to be done to change this? Areas of the security stack where speed is deemed either very or critically important by InfoSec executives are based primarily around endpoint security, detection and response (75%), and anti-exploit and memory protection (74%).
Bitdefender cites one area where InfoSec executives are getting things right: increasing end-user awareness of the variety of attack vectors cybercriminals can exploit. This can take the form either of training programmes that teach employees what to look out for, or of mock phishing and social engineering attacks run against employees.
“Our research found that nearly two thirds of CISOs are losing sleep at night about information security threats, but their direct C-suite colleagues are the biggest culprits when it comes to bending the rules,” said Liviu Arsene, Bitdefender global cybersecurity analyst. “InfoSec execs need to be far tougher at conveying the real-life repercussions of poor information security practices, from the board level downwards.
“Information security is an ever-evolving and changing process, with advancements in technology not only increasing the threat landscape, but also the protective tools available,” Arsene added. “A balanced approach to data security, encompassing not only best-in-class InfoSec solutions, but also surrounding yourself with the right security response team is key for effectively mitigating threats.”