Many IT leaders still in denial on security vulnerability


October officially marks National Cybersecurity Awareness Month, so it is only fitting that new major IT security studies have just been released that look at the levels of cyber preparedness that organizations have today. The news isn't encouraging.

Today and tomorrow FierceCIO looks at highlights from two studies: The "2014 SafeNet Data Security Confidence Index" from SafeNet Inc.; and the second annual study, "Is Your Company Ready for a Big Data Breach" from the Ponemon Institute and Experian Data Breach Resolution. First up is the SafeNet study.

Perhaps the most important finding of the SafeNet study is the continued state of denial that many IT security officers and CIOs live in when it comes to security preparedness. Consider: 74 percent of IT leaders believe their organization's firewalls are sufficient lines of defense, yet 44 percent confirm that their organization has suffered at least one breach or possible breach.

Add to those statistics that 60 percent of IT leaders are not confident that the organization's data would be secure should a cyber-attack get past that firewall.

"The survey results illustrate that despite the increasing number of network breaches and data record losses, business are continuing to invest more of their IT budgets in perimeter security and breach prevention technologies, versus defense-in-depth strategies that include strong multi-factor authentication and data encryption," the firm noted in an email to FierceCIO.

Among the survey highlights:

  • "In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31 percent compared to the same period last year, according to the SafeNet Breach Level Index."
  • "Over half (53 percent) suggest that high-profile data breaches in the news have driven their organization to change their security strategy."
  • "Two-fifths (41 percent) [of respondents] said they think unauthorized users are able to access their networks."
  • "One-third (34 percent) of IT decision makers reported that they have become less confident with the security industry's ability to detect and defend against emerging security attacks."
  • "One-quarter of IT decision makers (25 percent) say that if they were a customer of the organization, they would not trust the company to store and manage their personal data."

"The research findings reveal some interesting contradictions between the perception and the reality of data security," notes Tsion Gonen, chief strategy officer at SafeNet. "What's worrying is that so many organizations are putting all of their eggs in one basket when it comes to data security."

Related Articles:
Cyberattacks skyrocketing, while security budgets decline
Growing security threats put focus on CISO role
Tops for addressing cybersecurity with the board