IBM: CISOs outgunned in the cybercrime corral

Cloud, mobile, government regulations all weigh heavily on CISO office

When it comes to battling sophisticated cyber attacks, Chief Information Security Officers feel well outgunned by the seedy underside of the Internet intent on wreaking havoc on their enterprise environments.

IBM’s third annual Chief Information Security Officer (CISO) study of 138 security executives found that 60% said their organizations are outgunned in the cyber war, and that sophisticated external threats were identified by 40% of security leaders as their top challenge, with regulations coming in a distant second at just under 15%.

IBM said that as enterprise leaders continue to outline business priorities, external threats will require the most organizational effort over the next three to five years – as much as regulations, new technologies, and internal threats combined.

IBM went on to say that security leaders need to use their influence to manage a broader array of external threats and higher expectations across the business.

“A more extensive scope of what requires protection (e.g., cloud, mobile, etc.) and new security technologies also contributed to this trend toward increased complexity. CISOs are no longer stewards of security technology but rather decision makers who must always take business operations into account. Security leaders are obtaining more clout and wielding it to contribute to companies’ broader goals while managing risk at every step along the way,” IBM stated.

Some other interesting facts from the IBM CISO study:

  • Protection through isolation is less and less realistic in today’s world: 62% of security leaders strongly agreed that the risk level to their organization was increasing due to the number of interactions and connections with customers, suppliers and partners.
  • Despite the widespread interconnectivity that drives modern business, security leaders themselves aren’t sufficiently collaborative. Currently, only 42% of organizations that we interviewed are members of a formal industry-related security group. However, 86% think those groups will become more necessary in the next three to five years.
  • More than 80% of security leaders have seen the external threat increase in the past three years, and it is viewed as the top current challenge.
  • 70% of security leaders believe they have mature, traditional technologies that focus on network intrusion prevention, advanced malware detection and network vulnerability scanning.
  • Nearly 50% agree that deploying new security technology is the top focus area for their organization, and they identified data leakage prevention, cloud security and mobile/device security as the top three areas in need of dramatic transformation.
  • While concern over cloud security remains strong, close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, 75% expect their cloud security budget to increase or increase dramatically over the next three to five years.
  • Over 70% of security leaders said real-time security intelligence is increasingly important to their organization. Despite this strong agreement, the study found areas such as data classification and discovery and security intelligence analytics have relatively low maturity (54%) and require a higher need for improvement or transformation.
  • Despite the growing mobile workforce, only 45% of security leaders stated they have an effective mobile device management approach. In fact, according to the study, mobile and device security ranked at the bottom of the maturity list (51%).
  • In addition to external threats, the study indicated CISOs face additional challenges from governments, as nearly 80% of respondents said the potential risk from regulations and standards has increased over the past three years.
  • Security leaders are most uncertain about whether governments will handle security governance on a national or global level as well as how transparent they will be in doing so. Only 22% think that a global approach to combating cybercrime will be agreed upon in the next three to five years. More than three-quarters of respondents (79%) said the challenge from government regulations and industry standards has increased over the past three years.

Copyright © 2014 IDG Communications, Inc.
