|[April 24, 2019]
New Glasswall-sponsored Research Reveals Security Leaders' Ongoing Conundrum
Glasswall
Solutions today released its latest research report "Keeping the
Enterprise Secure: A Tangled Web of Contradictions," revealing the
increasing and opposing forces security leaders face while protecting
their organizations. The report showcases how leaders struggle to find
the balance between risk and cost, minor disruption and catastrophe, and
keeping pace with the demands of business while keeping their
organizations safe.
Glasswall's survey of senior-level executives across the US (70 percent
of respondents) and the UK (30 percent of respondents) reveals how even
the best security strategies still have inherent risks. The research
highlights how complexity is entangling security professionals into a
web of contradictions that impact multiple facets of security
management--finite budget but endlessly growing need, highly
interdependent but vulnerable value chains, reliance on old standby
tools like antivirus that have limited effectiveness, and employees'
business expectations that can lead to risky behaviors. These
incongruities present security leadership with a mesh of continually
competing interests, opportunities and tensions from across the business.
Highlights from the report include:
-
71% of respondents saw third party risks from partner and supply
chain interactions as a high concern. Concerns about email risks
from partners top the list of potential vulnerabilities - that
includes both email with attached documents and email that may include
dangerous links.
-
Glasswall Insight: Supply
chains for global businesses are growing exponentially, yet third
party vulnerabilities are also rapidly increasing. Organizations
often have to rely on the security of those that are unreliable,
and while many global firms have some visibility into the defenses
their partners have in place, they often have limited influence on
the risk decisions made by those third parties.
-
More than 40% of respondents recognize that employees remain
susceptible to phishing attacks and engage in risky behavors. At the
same time, 40 percent are completely reliant on employees as their
last line of defense. According to the findings, access to
unlocked devices, poor password protection and the use of personal
devices are cited as the most worrisome employee behaviors.
-
Glasswall Insight: While this
illustrates a clear paradox in security teams' quest to secure the
enterprise, it also reaffirms that employees are a critical
component to the security strategy and its incumbent upon
organizations to implement effective and thorough security
training across their workforce.
-
82% of respondents still see the network perimeter as the domain
where they most need to keep investing in security. That includes
the 57% who will continue to invest in perimeter defense along with
post-breach detection.
-
Glasswall Insight: Despite the
proliferation of cloud, the perimeter hasn't disappeared; it has
just expanded and remains the most vulnerable access point in need
of protection.
-
Only 9% of respondents expressed complete confidence in their
antivirus solutions. And yet, despite the low confidence
expressed, 96% said they continue to invest in antivirus product.
-
Glasswall Insight: This
prevalent technology is increasingly viewed as inadequate to serve
its intended purpose. However, as industry has yet to introduce a
broadly accepted, game-changing alternative to AV, organizations
continue to invest in it and view it as a commodity, value-based
checkbox product - knowing it's under par.
"Our research validates an industry issue that has been discussed for a
long time behind closed doors - those in charge of security are caught
in a web of contradictions, a repetitive cycle of codependence of
weakest links and strongest assets," said Greg Sim, CEO, Glasswall
Solutions. "After hearing from top security leaders, it's clear the
security industry needs to have an honest discussion about what's not
working, and collectively reset the security standard to which all
organizations must align."
