Are CISOs too confident?
Posted on 25 June 2014.
CISOs and IT managers may be too confident in their ability to ensure their organizations' security and defend against a data breach, according to Courion.

A majority (63%) of IT security managers believe it is 'easy' to govern staff access rights and privileges, despite the fact that 42% admitted they either do not have or are unsure of their ability to monitor and prevent breaches caused by accidental or deliberate staff actions.

This overconfidence in the face of an apparent lack of expertise is concerning, given that 1 in 4 of the respondents cited staff failure to follow access policies as the greatest threat to their organization's data security, just slightly ahead of professional hackers.

The survey also confirmed the pressures IT managers and CISOs face in managing data security, with 45% saying their organisation had suffered a data breach. Any confidence they may exhibit masks fears over job losses (42%), severe reprimands (41%) and demotion (34%) if their organisation suffered a data breach.

And it seems UK IT security executives are looking for help from within the organisation, with mixed results. 43% of respondents feel they could have better relations with human resources in managing staff access rights and a majority (59%) don't feel confident or are unsure they get enough help to make dealing with insider threats easier.

In fact, a recent separate Courion study into staff attitudes to IT security suggests staff can be ambivalent about how they use their access rights - for example, 39% share work login details with colleagues and 1 in 5 UK professionals would snoop on sensitive personal data if they had access to it.

Courion CEO Chris Zannetos commented, "Like elsewhere, UK CISOs and IT managers are under immense pressure to prevent data breaches. What's striking is many are finding it difficult to get the support needed to appropriately address insider threats. IT infrastructures have become increasingly complex as the access needs of users constantly change. This makes it challenging for CISOs and IT managers to understand, and as a result effectively communicate, exactly where business risk lies.

"We recognise the need to help our customers in their efforts to convey critical access-related risk in business terms. Our new service offering, the Access Risk Assessment, gives them the insight they need to begin to proactively identify and eliminate risk," he added.

The survey polled 100 senior IT security professionals including CISOs in companies with more than 500 employees.

