
Majority of IT security pros say their infrastructure has gaps

The report additionally finds that 63 percent of IT security staff do not report to the board about cybersecurity issues on a regular basis. Furthermore, a sizeable number do not report to the board at all. This low profile for IT within many enterprises is bound up with cybersecurity weaknesses. The report is titled: “The Cybersecurity Illusion: Enterprise Security Remains Reactive.”

This new report follows earlier Ponemon Institute research released July 30, 2019 (“The Cybersecurity Illusion: The Emperor Has No Clothes”), which found that enterprises are spending $18.4 million (mean figure) every year on cybersecurity investments. However, 53 percent report that they have no real idea whether the tools they are deploying are effective. Breaches continue to happen at a high rate since only 41 percent of companies can accurately identify their own cybersecurity gaps and fix them, and the board of directors and senior leaders are not engaged in ensuring their organization’s security strategy.

The earlier study also found that 63 percent of respondents said they have observed a security control reporting it blocked an attack when it actually failed to do so. In addition, just 39 percent of respondents say they are getting full value from their security investments.

To address the weaknesses, the new report recommends that enterprises assign accountability to one function for the validation of the effectiveness and efficiency of the organization’s strategy, technologies, and controls with a direct reporting relationship to senior leadership.

The report also recommends that companies invest in technologies that provide greater visibility into the IT security infrastructure to identify gaps in coverage and vulnerabilities. Furthermore, IT departments should understand how best to communicate the state of the organization’s security posture to the board of directors and CEO. There also needs to be a regular schedule for meeting with the board and senior leadership, perhaps via a board-level cybersecurity committee that participates in determining an acceptable risk level.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
