Companies need to realize that the rules have changed, warns security survey

September 24, 2012

he number of high-profile web security breaches and the increased threat of unauthorized access to sensitive data has changed the focus for many companies, according to a recently released report.

The 2013 version of the Global State of Information Security Survey, produced in collaboration with CIO and CSO magazines, maintains that while IT executives around the world feel that they are winning the war against cyber security threats and malware, the reality is that the rules are continually changing. Companies are increasingly left vulnerable to security risks that they neither understand nor have prepared for, with a growing number of obstacles obscuring the chances of success.

Past models no longer effective
"Security models of the past decade are no longer effective," said Mark Lobel, one of the authors of the survey. "Today's rapidly evolving threat landscape represents a danger that shows no signs of diminishing, and businesses can no longer afford to play a game of chance. Companies that want to be information security leaders should prepare to play a new game: one that requires advanced skills and strategy to win against emerging threats."

Despite this rather gloomy prediction, most of the individuals surveyed are feeling optimistic about the future. Sixty-eight percent of respondents believed that their company had installed effective information security behavior into the corporate culture, and 70 percent were confident that the measures installed were sufficient to negate possible threats.

Forty-two percent saw their organization as a "front-runner" in data loss prevention and execution, with 13 percent of respondents reporting that their company had dealt effectively with over 50 incidents in the last year. However, only 8 percent of CIOs interviewed actually believed that they were information security leaders within the company, a figure that caused concern among the authors and sponsors of the report, with Bob Bragdon, the publisher of CSO, commenting that "many executives have unfounded confidence in their security capabilities."

Playing professional game with amateur equipment
Big data was also put under the microscope. Eighty percent of respondents admitted that data protection was important, especially when that information related to customers or employees, but only 35 percent claimed to have an accurate inventory of data, and only 31 percent knew where that data was stored.

"The decreased deployment of security and privacy tools is like playing a championship game with amateur sports equipment," said Lobel. "Intruders are exploiting business ecosystems, leaving reputational, financial and competitive damage in their wake. Leaders must acknowledge that playing the game at a higher level is required to achieve effective security. The very survival of the business demands that they understand, prepare for, and quickly respond to security threats."

-McAfee Cloud Security