42.3 F
Washington D.C.
Sunday, December 4, 2022

IT Leaders Ill-equipped to Handle Cyber Threats; Disconnect Prevents Addressing Threats

A new survey commissioned by Lockheed Martin found a majority of information technology (IT) leaders “do not feel confident in their leaderships’ ability to leverage intelligence that can predict a cyber vulnerability and effectively combat threats.”

“A majority of survey respondents noted an increase in the severity (75 percent) and frequency (68 percent) of cyberattacks, but feared that they don’t have the budget (64 percent) or the expert personnel (65 percent) to address the threats,” the survey report stated.

“This survey illuminates areas of concern about cyber readiness across government and critical infrastructure industries,” said Guy Delp, director of cybersecurity and advanced analytics for Lockheed Martin. “The results highlight that the challenges in this domain are universal across both industry and government, and therefore our response needs to be equally holistic. The adoption of Intelligence-Driven Defense techniques is critical to ensuring that not only IT officers, but also chief executives, boards of directors and customers have confidence in the security of their information.”

“Compliance was rated the top cybersecurity business priority by the survey respondents,” Delp added. “Though somewhat surprising, it is a tell-tale sign that organizations feel the pressure to meet industry security compliance requirements. While satisfying compliance standards is important, organizations should view it as a foundation on which to build a more comprehensive security posture.”

The Intelligence-Driven Defense survey was independently conducted in November by data security research group Ponemon Institute. It polled 678 US-based senior IT practitioners from a variety of sectors, including financial services, the federal government, healthcare, utilities, energy, pharmaceuticals and chemicals.

Other key findings include:

  • Many organizations are relying on intuition, rather than intelligence, to assess their security levels: Business and government respondents who felt that they were not presently being targeted for attack relied on their intuition (35 percent) or logical deduction (33 percent) rather than data or intelligence (32 percent) to justify their beliefs.
  • Whether malicious or negligent, insiders continue to be among the greatest perceived cyber threats: Thirty-six percent of respondents said that negligent insiders were the most significant network vulnerability facing their organization, and more than half (53 percent) ranked malicious insiders in their top four threats.
  • The most serious risks do not receive the most budget: The top two factors impacting an organization’s cybersecurity posture – employee cyber awareness and supply chain security – receive only four and 15 percent of cybersecurity budgets, respectively. Top budget items, such as mobile and cloud security, are both perceived to be lower threat levels.

Meanwhile, the Global Megatrends in Cybersecurity 2015 survey commissioned by Raytheon and Ponemon Institute of 1,006 global cybersecurity CIOs, CISOs and senior IT leaders “found a lack of resources and a critical disconnect between CISOs and senior leadership are preventing companies from addressing the growing cybersecurity threats.”

“What’s more startling,” Raytheon said, “is that a majority of respondents (78 percent) said their Board of Directors has not been briefed about their organization’s cybersecurity strategy in the last 12 months. This research shows that industry leaders fail to recognize strategic value of cybersecurity as organizations lack sufficient resources and workforce.”

“You don’t have to wait until you’re attacked to take cybersecurity seriously,” said Jack Harrington, vice president of cybersecurity and special missions at Raytheon Intelligence, Information and Services. “From the board room to the president’s desk, rallying around the cybersecurity issue is critical to address the real threats we face as a global society.”

“High-profile cybersecurity breaches are closing the gap between CISOs and CEOs by forcing meaningful security discussions into corner offices and boardrooms,” said Larry Ponemon, chairman and founder of Ponemon Institute. “In the meantime, our study found there is still a large delta between resources and needs, as security leaders lack both funding and manpower to adequately protect assets and infrastructure.”

The survey did find some signs of optimism, noting that “a majority of those surveyed believe cybersecurity awareness through training will improve over the next three years. The survey of information security professionals from across the globe further indicated that most security professionals expect their organization’s cyber posture to improve during that same timeframe.”

Other key findings include:

  • Less than half of respondents (47 percent) believe their organizations take appropriate steps to comply with the leading cybersecurity standards.
  • Only one-third of those surveyed believe their organizations are prepared to deal with the cybersecurity risks associated with the Internet of things (IoT) and the proliferation of IoT devices.
  • Fewer than half of all respondents (47 percent) say their organizations have sufficient resources to meet cybersecurity requirements.
  • Two-thirds (66 percent) of those surveyed indicated their organizations need more knowledgeable and experienced cybersecurity practitioners.
  • Nearly half (47 percent) of respondents believe zero-day threats will become one of the most prevalent cyber threats.
  • More than one-third (35 percent) believes attacks on critical infrastructure will become one of the world’s five most prevalent threats.
  • Senior IT leaders see the use of virtual currencies as a low risk to their organizations today but becoming a very high risk to their organizations in the future.
  • Surveyed CISOs believe that when it comes to cybersecurity, the three most important technologies in the future will involve big data analytics, forensics and next-gen firewalls.
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles