Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Study shows those responsible for security face mounting pressures

Steve Ragan | Feb. 12, 2014
Trustwave report shows year-over-year increase of pressures on InfoSec leaders.

"The Board is taking the questions to a whole new level and creating a more sophisticated conversation surrounding security. As a result, the in-house CIO feels more pressure because not only does he have to say, 'I bought this security technology,' but also 'I bought this security technology and it will work,'" Cole added.

Asked the same question, Pogue felt the pressures were a mix of things, from news coverage, to the expanding scale of breaches, and a seemingly endless wave of attacks on all levels, from all sides.

"Security is like car insurance. People buy it hoping they will never have to use it," he said.

"What do they get in return for their money? Help with protecting their valuable data from getting into the wrong hands. In light of the recent media coverage of data breaches, the 'what if' scenario is getting more attention. Now, it's no longer 'what if I get hacked,' it's 'what if I'm next?' It's now more real. The threat hasn't changed. The attackers haven't changed. What has changed is the public perception and the subsequent fear brought on by possibly being the next big breach."

When it comes to the types of threats and risks that generate the most pressure, the respondents in the U.S. (68 percent) and Canada (63 percent) said targeted malware, while the U.K. (64 percent) and Germany (60 percent) singled out Phishing and Social Engineering. That isn't to say that targeted malware isn't a concern for them, as it ranked close second in the U.K. and was listed as third in Germany.

Either way, the answers are interesting. In this case, targeted malware includes attacks that profile the victim and use multiple methods in order to get access to data that's to be compromised. However, only 49 percent of the respondents in the U.S. listed viruses and worms as a threat that generates the most pressure, along with 36 percent in Canada.

In fact, Germany and the U.K., didn't view them as problematic either. Moreover, none of the respondents ranked zero-day vulnerabilities as a top concern, despite the fact that targeted malware will often leverage all three of these attack surfaces during a given incident, as criminals will do whatever they can in order to assure success.

When it comes to an incident's aftermath, customer data theft tops the list of worries, with 58 percent of the respondents picking this concern over IP theft, reputation damage, or fines and legal action. However, despite current events, and the growing attention given to security incidents over the last few years, five percent of the respondents felt that their organization was completely safe from security incidents, and thus had no concerns.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.