Sophisticated tools provide false sense of cyber-security: Survey

The abundance of technology tools gives firms a false sense of confidence in their security posture, finds a Forrester survey

Are you confident that your firm is cyber-threat-proof? A Forrester survey among over 250 senior security decision-makers in North America and Europe found that most of them are confident in their firms’ security measures. However, threats to cyber-security remain strong, said the research.

"The abundance of technology investments gives firms a false sense of confidence in their security posture. Their challenges reveal a different story," said the report.

Security executives currently employ a variety of tools and technologies to identify risks and test the effectiveness of their security controls. As a result, they are left with point-in-time assessments that require them to cobble together data from disparate systems to truly understand the organisation’s security posture. This approach is reactive, labour-intensive, and insufficient in scale, explained the report.

This has led to a disparity between appearance and reality, whereby security decision-makers are being given a false sense of confidence, it noted. More than 85 percent are confident or very confident they have no gaps in their security controls deployed across devices, applications, people, and data, the survey found. Nearly 79 percent of respondents said they take a centralised approach to risk management across their organisations.

"If true, this means they have a common risk taxonomy across the organisation, manage technologies centrally, and aggregate and share risk data across business units. Although most respondents in our study claim to have a common risk taxonomy and share risk data across their organisations, the menagerie of disjointed technologies makes it difficult to aggregate risk data for reporting, often requiring manual effort," said the report. 

"This, in turn, hinders them from having insight into their overall risk posture."

However, the security leaders were not completely unaware of the difficulties in threat management, added the survey. Nearly 57 percent of respondents found controlling coverage gaps across security functions the most challenging task, while 43 percent found viewing a comprehensive list of assets across the organisation tough.

Many sector experts consider a lack of visibility detrimental to cyber-security management across sectors.

Commenting on a recent expose of unsecured medical image storage systems in almost 600 servers serving 52 countries, edgescan CEO and cofounder Eoin Kear told SC Media UK that poor visibility often leads to vulnerabilities being overlooked.

"A fundamental aspect of cyber-security is the visibility of assets owned by an organisation. Continuous asset profiling and vulnerability management is key to detecting such simple errors," he said.

Observing a recent failure by a dating app to protect its users' data, Exabeam solutions architecture head Stephen Gailey told SC Media UK that the penetrability of security systems is a fundamental truth in information security.

"It doesn’t matter how good your technology is, in the end it will be let down by poor operational practices," he said.
