Comms Breakdown Harming Firms’ Security Strategies

Communication barriers between security teams and executives and a lack of employee education are exposing organizations to unnecessary risk, according to a new study from the Ponemon Institute.

The research firm spoke to 5,000 infosecurity professionals across the globe to compile “Roadblocks, Refresh, & Raising the Human Security IQ”, a new report sponsored by Websense.
 
It found that a worrying 30% of IT security teams never talk to their execs about cyber security, while of those that do, 23% speak only annually and 19% twice a year. A lowly 1% said they speak weekly.
 
The stats were even worse for UK respondents, 40% of whom said they never speak to the executive team.
 
A communication breakdown is not the only problem affecting organizations’ attempts to improve their cyber security posture, however.
 
Some 48% of firms said they didn’t provide any kind of security education to their employees – a dangerous oversight given that many targeted attacks now use social engineering in spear phishing emails to successfully breach corporate networks.
 
The figure for the UK was once again worse, with 54% claiming not to educate employees and only 4% planning to begin doing so at some point in the next 12 months.
 
The lack of attention paid to user education is all the more baffling given that APTs (40%) and data exfiltration attacks (24%) – both of which frequently rely on socially engineering employees to trick them into downloading malware – were the top fears for respondents.
 
When it comes to the kind of threats facing organizations across the globe, the risk from inside the enterprise is as high as ever.
 
Three-quarters of respondents said they knew another security professional whose company had sensitive data stolen as a result of an insider threat. IP and customer data were most commonly pilfered.
 
There were also indications from the report that security vendors are actually harming attempts to boost cyber security defences.
 
Some 58% of respondents said providers over-hype the threats and risks they’re facing, while around half (47%) said they frequently or very frequently buy products which turn out to be a “disappointment”.
