Cyber Security weaknesses are worst at the top. That’s according to new research by security specialists Bitdefender, which finds that a whopping 75 percent of infosec executives deem management – from the board level down to junior department heads – as most likely to flaunt data security rules.
Some 41 percent of CISOs, CSOs and CIOs meanwhile believe their C-Suite colleagues are the most information security (infosec)-averse among their organisation’s entire demographic.
The research, conducted by Censuswide on behalf of Bitdefender, surveyed 250 CIOs/CISOs/CSOs who have control over IT budgets and influence/make security decisions, in UK-based companies with 500+ employees.
The top management can be blamed for lack of security.
“Our research found that nearly two thirds of CISOs are losing sleep at night about information security threats, but their direct C-Suite colleagues are the biggest culprits when it comes to bending the rules. Infosec execs need to be far tougher at conveying the real life repercussions of poor information security practices, from the board level downwards,” said Liviu Arsene, Global Cybersecurity Analyst at Bitdefender.
Some, as a result, are conducting mock-phishing and social engineering attacks on employees to reinforce the consequences of infosec negligence.
Others are focussing on endpoint security, detection and response (75 percent), closely followed by anti-exploit/memory protection (74 percent).
Infosec tools such as these can serve as a vital layer of defence whilst infosec teams rush to patch software in the event of a global exploit being discovered. Just over half of infosec executives seem confident their organisation could patch corporate devices against a discovered vulnerability within 24 hours (51 percent), the survey found.
Content from our partners
Facts & Figures from the last year
Concerns rise as actions stay the same, McAfee says
UK launches pilot of police backed security certificate
That still leaves nearly half of all organisations needing 25 hours and upwards to patch vulnerabilities. One specific, and reoccurring, example of a small change infosec executives have enacted has been to increase end-user awareness to the variety of different attack vectors which are currently being exploited by cyber criminals.
“Information security is an ever-evolving and changing process, with advancements in technology not only increasing the threat landscape, but also the protective tools available. A balanced approach to data security, encompassing not only best-in-class infosec solutions, but also surrounding yourself with the right security response team is key for effectively mitigating threats,” concludes Arsene.
