CISOs face an uphill battle when rolling out comprehensive security

27 Sep 2017

The role of the chief information security officer (CISO) is crucial to the rollout of organisation-wide IT security strategies, but they still have an uphill battle, according to research released last week by F5 Networks.

A study conducted by the Ponemon Institute surveyed senior security decision makers in 184 companies across China, India, the United Kingdom, Germany, Mexico, Brazil and the United States.

Despite results showing that 68% of respondents believe CISOs have the final word in IT security spending, the report also found that only 51% of companies have an organisation-wide IT security strategy.

“CISOs are in a tough spot. Organizations are squeezed by cyber criminals, new compliance requirements, and bleeding-edge technologies that erode privacy and stability. The team that leads defense efforts is becoming a more and more vital player in the long-term survival of any organization that sells, uses, or produces information technology—that is to say, everyone,” comments F5’s CISO Mike Convertino.

47% said their spending budgets had increased, but 40% said they had not changed at all. Budgets are also not being focused in the right areas. 45% said their security function doesn’t have clear lines of responsibility and 58% said it is a standalone function.

Security teams are struggling to attract attention from C-level executives: 43% said C-levels review, approve and support those businesses that do have an IT strategy.

Organisations are still running on reactive principles of security as a business priority. Senior executives do pay attention to data breaches (45%) and cybersecurity exploits (43%).

46% said that conversations with senior executives only happen when major incidents have occurred. 19% do not bother reporting breaches to the CEO and board of directors.

“This research provides a unique view into how CISOs are operating in today’s challenging environment,” Convertino says.

Respondents also see the potential for AI to fill cybersecurity skills shortage gaps. The average IT security headcount will rise from 19 to 32 full-time employees over the next two years.

However, 58% have trouble finding qualified people and 48% are not able to offer a market-level salary.

50% of respondents agreed that computer learning and artificial intelligence will be able to serve staff shortages. 70% believe these technologies will be important to other IT security functions in the next two years.

“It’s clear CISOs are making progress in how they drive the security function and the leadership role they are assuming within companies. Yet in many organisations, IT security is not yet playing the strategic, proactive role necessary to fully protect assets and defend against increasingly sophisticated and frequent attacks,” Convertino concludes.
