Why C-suite expertise does not always translate to InfoSec awareness
Their experience and judgement have led C-suite executives to the head of their organisations – yet according to new research from Bitdefender, these employees are most likely to expose the company to a major cyberattack.
According to the study, which polled 250 CIOs, CISOs and CSOs, more than two in five (41%) perceive their C-suite colleagues as InfoSec averse. A similar number (42%) say they are most concerned with a loss of customer and stakeholder trust with data breaches, while more than a quarter (26%) say they fear the company being fined by the Information Commissioner’s Office (ICO) or similar.
Three quarters of those polled believe management were the most likely to flout data security rules, compared with the remaining 25% who believe day-to-day knowledge workers were the most averse to InfoSec best practice.
So what needs to be done to change this? Areas of the security stack where speed is deemed either very or critically important by InfoSec executives are based primarily around endpoint security, detection and response (75%), and anti-exploit and memory protection (74%).
Bitdefender cites one area where InfoSec executives are getting things right: increasing end-user awareness of the variety of attack vectors cybercriminals can exploit. This can take the form of training programmes that teach employees what to look out for, or of mock phishing and social engineering attacks run against employees.
“Our research found that nearly two thirds of CISOs are losing sleep at night about information security threats, but their direct C-suite colleagues are the biggest culprits when it comes to bending the rules,” said Liviu Arsene, Bitdefender global cybersecurity analyst. “InfoSec execs need to be far tougher at conveying the real-life repercussions of poor information security practices, from the board level downwards.
“Information security is an ever-evolving and changing process, with advancements in technology not only increasing the threat landscape, but also the protective tools available,” Arsene added. “A balanced approach to data security, encompassing not only best-in-class InfoSec solutions, but also surrounding yourself with the right security response team is key for effectively mitigating threats.”