Why C-suite expertise does not always translate to InfoSec awareness
Their experience and judgement have led C-suite executives to the head of their organisations – yet according to new research from Bitdefender, these employees are the most likely to expose the company to a major cyberattack.
According to the study, which polled 250 CIOs, CISOs and CSOs, more than two in five (41%) perceive their C-suite colleagues as InfoSec averse. A similar number (42%) say they are most concerned with a loss of customer and stakeholder trust with data breaches, while more than a quarter (26%) say they fear the company being fined by the Information Commissioner’s Office (ICO) or similar.
Three quarters of those polled believe management were the most likely to flout data security rules, compared with the remaining 25% who believe day-to-day knowledge workers were the most averse to InfoSec best practice.
So what needs to be done to change this? Areas of the security stack where speed is deemed either very or critically important by InfoSec executives are based primarily around endpoint security, detection and response (75%), and anti-exploit and memory protection (74%).
Bitdefender cites one area where InfoSec executives are getting things right: increasing end-user awareness of the variety of attack vectors cybercriminals can exploit. This can take the form of training programmes that teach employees what to look out for, or of mock phishing and social engineering attacks run against employees.
“Our research found that nearly two thirds of CISOs are losing sleep at night about information security threats, but their direct C-suite colleagues are the biggest culprits when it comes to bending the rules,” said Liviu Arsene, Bitdefender global cybersecurity analyst. “InfoSec execs need to be far tougher at conveying the real-life repercussions of poor information security practices, from the board level downwards.
“Information security is an ever-evolving and changing process, with advancements in technology not only increasing the threat landscape, but also the protective tools available,” Arsene added. “A balanced approach to data security, encompassing not only best-in-class InfoSec solutions, but also surrounding yourself with the right security response team is key for effectively mitigating threats.”