BreachExchange mailing list archives

Compliance Is Still a Worry, but Security Is Now a Top Concern


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 2 Oct 2013 01:06:19 -0600

http://www.eweek.com/security/compliance-is-still-a-worry-but-security-is-now-a-top-concern.html/

IT security teams have made protecting business data their top priority but
do not spend enough time communicating with executives, find two surveys.

Network breaches have become the top concern for security professionals,
replacing worries over a company's compliance with federal and industry
regulations, according to two surveys released in the past week.

A survey of 272 security managers and network engineers, titled "What Keeps
IT Pros Up at Night," found that 34 percent of respondents worry most about
the possibility of a breach, while 31 percent of those polled are concerned
with failing an IT-security audit. To improve security, about 20 percent of
IT security professionals said they plan to implement the SANS Critical
Security Controls in the next 12 to 24 months.

"For the first time, we are seeing security as the dominant concern that is
keeping them awake, versus compliance," said Vijay Basani, CEO of EiQ
Networks, which conducted the study. "It is a nice thing to see, because
for a very long time, security professionals were all about compliance,
compliance, compliance."

Data breaches have become commonplace in the last few years, with massive
breaches of companies such as LinkedIn and the South Carolina Department of
Revenue. The cost of data breaches can be cut by 25 percent if the victim
has invested strongly in security management, according to a Ponemon
Institute report released earlier this year.

A troubling trend, however, is that two-thirds of respondents reported that
their security teams do not have enough staff to do their jobs. In
addition, more than one-third of IT professionals rarely or never meet with
business executives to better understand the impact that security can have
on the business, the survey found.

"This will be a problem going forward, unless IT security and business
people communicate about the issues facing the business," Basani said.

In attempting to comply with regulations, the two largest concerns are the
ability to measure and report on IT issues that affect compliance and the
automation of IT security controls. A quarter of respondents to the study
said they do not know how long it will take to identify the root cause of a
breach.

Almost all companies are worried about their customers' perceptions of
their security, according to a study released this week by technology firm
Unisys. The survey found that 91 percent of business and technology
professionals said they worry about a breach undermining their customers'
faith in their ability to secure data.

"Business and technology decision makers are seeing threats from all
directions and are looking for new ways to protect their organizations and
their clients," Steve Vinsik, vice president of global security solutions
at Unisys, said in a statement.

Wireless infrastructure and network defenses are considered the most
vulnerable to attacks; 74 percent and 72 percent of respondents,
respectively, said they are concerned with those potential entry points.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
