5/23/2013
04:35 PM

2013 Strategic Security Survey

Our 1,029 respondents are getting wise on awareness, with just 13% saying they're more vulnerable than last year. Still, 73% see mobility as a threat, and 75% admit they may be ignorant of a breach.

InformationWeek Green - May 27, 2013
Download the entire May 27, 2013, issue of InformationWeek, distributed in an all-digital format (registration required).


Strategic Security

We stated in our 2012 Strategic Security report that information security pros are quick to pin the blame for problems on end users, the CFO, vendors, developers -- anyone but themselves. Harsh? Yes, but our criticism of this tack seems to have gotten through: Our 2013 data shows that security professionals are ready to take ownership of their strategies.

Between 2005, when we first offered the option, and 2012, managing the complexity of security was cited as the No. 1 information or network security challenge facing respondents to InformationWeek's annual Strategic Security surveys. We anticipated more of the same this year, given the angst over mobility and cloud and complaints about not enough money, breaches of customer information and shadowy attackers with time and resources to burn.

We were wrong.

Among the 1,029 respondents to our 2013 Strategic Security Survey, all of whom work at companies with at least 100 employees, we saw a 14-point drop (from 52% in 2012 to 38%) in the percentage saying that managing the complexity of security is among their top challenges. Moreover, among respondents saying they're more vulnerable to attack now than a year ago, we saw a 19-point dip (from 44% in 2012 to 25%) in those who blame having an increasing amount of customer data to secure -- always a bogus excuse. We saw a five-point rise in the percentage saying end user security awareness training provides significant value (from 49% to 54%).

Our report on the Strategic Security Survey is free with registration

This report includes 51 pages of action-oriented analysis, packed with 43 charts. What you'll find:
  • Why Anonymous might be your best friend
  • How to decide if data breach insurance is a good buy

That's not to say everyone is feeling better about their security capabilities. There has been growing concern since our 2011 survey in some areas, mostly around the human element. This year we saw an 11-point increase in the percentage that cite controlling user access to systems and data as a top challenge (from 22% in 2012 to 33%). Enforcing policies is now seen as the No. 1 challenge.

But notice the common threads: awareness of processes and risk, two topics that security pros traditionally avoided at all costs. Recognition of process and risk management shows us that infosec pros are thinking about strategy, not just products and tactics.

Respondent comments back this up. A chief systems engineer in the U.S. military cites a lack of settings management -- securely configuring a device instead of just leaving the defaults -- as the top cyber risk. "Yet we do very little about it," he says. Adds another respondent: "Security risk management is about tools, but it is also processes, training and procedure." And our favorite: "Social media and BYOD successfully broke the back of infrastructure security," says a commenter at an engineering firm. "Incidents are now so common that they no longer elicit any reaction other than endpoint cleanup."

Have we finally realized that compromising people is much easier for attackers than compromising properly configured technology? Is security finally becoming a core discipline of IT and, potentially, the overall business?

To read the rest of the article, download the May 27, 2013, issue of InformationWeek.
