
CISOs face an uphill battle when rolling out comprehensive security

27 Sep 2017

The role of the chief information security officer (CISO) is crucial to the rollout of organisation-wide IT security strategies, but CISOs still face an uphill battle, according to research released last week by F5 Networks.

A study conducted by the Ponemon Institute surveyed senior security decision makers in 184 companies across China, India, the United Kingdom, Germany, Mexico, Brazil and the United States.

Despite results showing that 68% of respondents believe CISOs have the final word in IT security spending, the report also found that only 51% of companies have an organisation-wide IT security strategy.

“CISOs are in a tough spot. Organizations are squeezed by cyber criminals, new compliance requirements, and bleeding-edge technologies that erode privacy and stability. The team that leads defense efforts is becoming a more and more vital player in the long-term survival of any organization that sells, uses, or produces information technology—that is to say, everyone,” comments F5’s CISO Mike Convertino.

47% said their spending budgets had increased, but 40% said they had not changed at all. Budgets are also not being focused in the right areas. 45% said their security function doesn’t have clear lines of responsibility and 58% said it is a standalone function.

Security teams are struggling to attract attention from C-level executives: 43% said C-levels review, approve and support those businesses that do have an IT strategy.

Organisations are still running on reactive principles of security as a business priority. Senior executives do pay attention to data breaches (45%) and cybersecurity exploits (43%).

46% said that conversations with senior executives only happen when major incidents have occurred. 19% do not bother reporting breaches to the CEO and board of directors.

“This research provides a unique view into how CISOs are operating in today’s challenging environment,” Convertino says.

Respondents also see the potential for AI to fill cybersecurity skills shortage gaps. The average IT security headcount will rise from 19 to 32 full-time employees over the next two years.

However, 58% have trouble finding qualified people and 48% are not able to offer a market-level salary.

50% of respondents agreed that computer learning and artificial intelligence will be able to serve staff shortages. 70% believe these technologies will be important to other IT security functions in the next two years.

“It’s clear CISOs are making progress in how they drive the security function and the leadership role they are assuming within companies. Yet in many organisations, IT security is not yet playing the strategic, proactive role necessary to fully protect assets and defend against increasingly sophisticated and frequent attacks,” Convertino concludes.
