Cyber security infrastructure in enterprises in India faces a startling deficit and there is a disconnect between executives and security teams. Our recent research highlights that a lack of communication and education, together with inadequate security systems, is making it possible for cybercriminals to attack organizations across the globe. It is not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.
Websense and the Ponemon Institute recently conducted a two-part study, Exposing the Cybersecurity Cracks: India. In the second report of this study, 4,881 IT and IT security practitioners were surveyed in 15 countries: India, Australia, Brazil, Canada, China, France, Germany, Hong Kong, Italy, Mexico, the Netherlands, Singapore, Sweden, United Kingdom and the United States. Of these, 545 practitioners were surveyed in India alone. Findings reveal a global consensus that organizations must fix the communication gap between the security and executive teams to protect against advanced, data-stealing attacks.
Communication Roadblocks between Security Professionals and Executives:
- Thirty-one percent of cyber security teams never speak with their executive team about cyber security.
- Of those that did, nearly a quarter (23 percent) spoke just annually, with a further 19 percent semi-annually. Only eleven percent spoke with them quarterly and one percent spoke weekly.
- Only thirty-eight percent believe their companies invest enough in skilled personnel and technologies to be effective in executing against their company’s cyber security objectives and mission.
Security Teams Call for a Complete Security System Refresh:
- Twenty-nine percent of respondents would do a complete overhaul of their current enterprise security system if they had the resources and opportunity.
- Nearly half (47 percent) felt frequently disappointed with the level of protection a security solution they had procured ended up offering them. Only 12 percent had never been disappointed in their security solutions.
- Fifty-six percent believe a data breach would trigger a change of security vendors.
- APTs and data exfiltration attacks rank as the top fears for IT security professionals.
- Encouragingly, 49 percent say they are planning on making significant investments and adjustments to their cyber security defences during the next 12 months.
Raising the Human Security IQ:
- Fifty-two percent of companies do not provide cybersecurity education to their employees, with only 4 percent planning to do so in the next 12 months.
- Under half (42 percent) had undergone a cyber threat modelling process in their present role. Of those that did, nearly all (94 percent) found it to be important in terms of managing their cyber risk.
- Security professionals feel the top three events that would compel executive teams to allocate more money to cyber security initiatives are: exfiltration of intellectual property (67 percent), data breach involving customer data (53 percent) and loss of revenues because of system downtime (49 percent).
In addition to the survey results, the report also includes conclusions drawn from the data and recommendations for addressing the gaps in security technology, communication and education. A full copy of the reports, including survey methodology, consolidated results and individual response rates by country is available here and here.
Surendra Singh is Regional Director – SAARC at Websense