Security leaders admit to being outgunned by cybercriminals: IBM study
By Digital News Asia December 15, 2014
- Organisations struggling to defend against sophisticated cyber-attacks
- Few think that global approach to cybercrime will be agreed upon in next 3-5yrs
MORE than 80% of security leaders believe the challenge posed by external threats is on the rise, while 60% also agree their organisations are outgunned in the cyber-war, according to a study by IBM.
Its study additionally reveals that technology is seen as a critical component in addressing these security issues and threats, with big data, cloud and mobile named as the most significant areas of prioritisation, IBM said in a statement.
IBM’s third annual Chief Information Security Officer (CISO) study was conducted by the IBM Centre for Applied Insights and is based on responses from 138 in-depth interviews with the surveyed organisations’ most senior security leaders.
Sophisticated external threats were identified by 40% of security leaders as their top challenge with regulations coming in a distant second at just under 15%.
As enterprise leaders continue to outline business priorities, external threats will require the most organisational effort over the next three to five years – as much as regulations, new technologies, and internal threats combined.
“CISOs are finally getting a seat in the boardroom,” said Brendan Hannigan, general manager, IBM Security.
“Security leaders must now use this growing influence to deliver better results: Prioritising the protection of critical assets, focusing investments on intelligence, and recruiting top industry talent to augment internal efforts,” he said.
Rethinking cybersecurity tactics
The study aimed to uncover and understand how organisations are currently protecting themselves against cyber-attacks, finding 70% of security leaders believe they have mature, traditional technologies that focus on network intrusion prevention, advanced malware detection and network vulnerability scanning.
However, nearly half (50%) agree that deploying new security technology is the top focus area for their organisation, and they identified data leakage prevention, cloud security, and mobile/ device security as the top three areas in need of dramatic transformation.
Additional findings from the IBM CISO study include:
- Cloud security continues to lead the agenda: While concern over cloud security remains strong, close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, 75% expect their cloud security budget to increase or increase dramatically over the next three to five years.
- Data driven security intelligence capabilities are top of mind: Over 70% of security leaders said real-time security intelligence is increasingly important to their organisation. Despite this strong agreement, the study found areas such as data classification and discovery and security intelligence analytics have relatively low maturity (54%) and require a higher need for improvement or transformation.
- Significant mobile security needs still remain: Despite the growing mobile workforce, only 45% of security leaders stated they have an effective mobile device management approach. In fact, according to the study, mobile and device security ranked at the bottom of the maturity list (51%).
Uncertainty around government landscape
In addition to external threats, the study indicated CISOs face additional challenges from governments as nearly 80% of respondents said the potential risk from regulations and standards have increased over the past three years.
Security leaders are most uncertain about whether governments will handle security governance on a national or global level as well as how transparent they will be in doing so. Only 22% think that a global approach to combating cybercrime will be agreed upon in the next three to five years.
Empowering security leaders
With cyber-attacks and government regulations continuing to evolve, a majority of organisations have redefined their view of security over the past three years, vaulting security leaders into more influential roles, IBM said.
According to the study, 90% of security leaders strongly agree that they have significant influence in their organisation, with 76% stating that their degree of influence has significantly increased in the last three years.
In addition, 71% strongly agree that they are receiving the organisational support that they need in order to do their jobs effectively.
To download the report, go to www.ibm.com/security/ciso.
Security chiefs call for investments in ‘transformative’ technologies
Security on the cloud: Myths dispelled
Basic security products don't cut it anymore: IDC
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.