Error
Please contact support@networkcomputing.com if you continue to receive this message.

Network Computing Home






04:35 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

2013 Strategic Security Survey

Our 1,029 respondents are getting wise on awareness, with just 13% saying they're more vulnerable than last year. Still, 73% see mobility as a threat, and 75% admit they may be ignorant of a breach.

InformationWeek Green -  May 27, 2013 InformationWeek Green
Download the entire May 27, 2013, issue of InformationWeek, distributed in an all-digital format (registration required).


Strategic Security

We stated in our 2012 Strategic Security report that information security pros are quick to pin the blame for problems on end users, the CFO, vendors, developers -- anyone but themselves. Harsh? Yes, but our criticism of this tack seems to have gotten through: Our 2013 data shows that security professionals are ready to take ownership of their strategies.

Between 2005, when we first offered the option, and 2012, managing the complexity of security was cited as the No. 1 information or network security challenge facing respondents to InformationWeek's annual Strategic Security surveys. We anticipated more of the same this year, given the angst over mobility and cloud and complaints about not enough money, breaches of customer information and shadowy attackers with time and resources to burn.

We were wrong.

Among the 1,029 respondents to our 2013 Strategic Security Survey, all of whom work at companies with at least 100 employees, we saw a 14-point drop (from 52% in 2012 to 38%) in the percentage saying that managing the complexity of security is among their top challenges. Moreover, among respondents saying they're more vulnerable to attack now than a year ago, we saw a 19-point dip (from 44% in 2012 to 25%) in those who blame having an increasing amount of customer data to secure -- always a bogus excuse. We saw a five-point rise in the percentage saying end user security awareness training provides significant value (from 49% to 54%).

Report Cover
Our report on the Strategic Security Survey is free with registration

This report includes 51 pages of action-oriented analysis, packed with 43 charts. What you'll find:
  • Why Anonymous might be your best friend
  • How to decide uf data breach insurance is a good buy
Get This And All Our Reports
That's not to say everyone is feeling better about their security capabilities. There has been growing concern since our 2011 survey in some areas, mostly around the human element. This year we saw an 11-point increase in the percentage that cite controlling user access to systems and data as a top challenge (from 22% in 2012 to 33%). Enforcing policies is now seen as the No. 1 challenge.

But notice the common threads: awareness of processes and risk, two topics that security pros traditionally avoided at all costs. Recognition of process and risk management shows us that infosec pros are thinking about strategy, not just products and tactics.

Respondent comments back this up. A chief systems engineer in the U.S. military cites a lack of settings management -- securely configuring a device instead of just leaving the defaults -- as the top cyber risk. "Yet we do very little about it," he says. Adds another respondent: "Security risk management is about tools, but it is also processes, training and procedure." And our favorite: "Social media and BYOD successfully broke the back of infrastructure security," says a commenter at an engineering firm. "Incidents are now so common that they no longer elicit any reaction other than endpoint cleanup."

Have we finally realized that compromising people is much easier for attackers than compromising properly configured technology? Is security finally becoming a core discipline of IT and, potentially, the overall business?

To read the rest of the article,
download the May 27, 2013, issue of InformationWeek.

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cartoon
White Papers
Register for Network Computing Newsletters
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Video
Slideshows
Twitter Feed
Network Computing
Error
Please contact support@networkcomputing.com if you continue to receive this message.

Network Computing Home