The Cyber Risk of False Confidence - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Security & Risk Strategy
News
9/25/2017
07:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

The Cyber Risk of False Confidence

Companies are overly confident about their cybersecurity, and it's leaving their data (and maybe yours too), open to some major security risks.

As organizations scramble to defend their mountains of data against cyber attacks and the constant stream of new malware, companies of all types are investing in and evaluating cybersecurity tools and practices. Gartner predicts that security spending is expected to reach $90 billion this year. But despite this huge spend, a recent study from Gemalto, an enterprise security company, found that organizations have a false sense of confidence in their security practices, creating what Gemalto calls a “breach gap.”

According to the Gemalto report, Mind the Breach Gap, 94% of respondents say they think that their perimeter security is quite effective at keeping unauthorized users out of their network, and 76% have increased their investment in perimeter security over the past five years.

Despite their confidence and investment, nearly a third (28%) of respondents’ organizations have seen their perimeter security breached within the past 12 months, and 65% are not extremely confident that their data would be secure if someone did breach the perimeter.

What’s probably most disturbing is one in seven (14%) surveyed IT decision makers admit that they would not trust their own organization to store and manage their personal data.

Image: Shutterstock
Image: Shutterstock

Jocelyn Aqua, privacy and cybersecurity principal for PwC, says she was surprised to see similar findings of “security overconfidence” in their own research.

The PwC 2017 Risk in Review survey found that only 9% of respondents said they have high or very high cyber risk maturity despite respondents’ claims of response effectiveness indicating that cyber risk was one of the most improved areas of risk when compared to past survey results.

“Respondents said they had effective cybersecurity,” says Aqua, “yet they remain defensive about cyber risk.”

Gemalto CTO and VP for Data Protection, Jason Hart says part of the reason for this “breach gap” – the idea that organizations think their data is more secure than it is – is because organizations don’t fully understand the motivations behind a breach.  

“There’s still a lack of understanding from organizations that it’s the data [threat actors] are after,” says Hart. “We’ve mostly seen confidentiality breaches, when a threat actor gets the data they share it, sell it, etc. What people misunderstand, is that a confidentiality breach is just the start of the problem,” he says.

Marc-Roger Gagné, cybersecurity advocate for Gagné Legal Services in Canada says that part of this misunderstanding in cyber protection, or overconfidence comes from a lack of security knowledge in the C-suite. “The average CEO age is over 60. The level of [security] comprehension is not there and it’s not the same culture, but there is a shift because [executives] are understanding that the litigation cost [for] any data that is compromised.”

Hart says that one way to remove the veil of security overconfidence is to ask your IT team these simple questions, “What am I trying to protect? Where is it? What am I trying to protect it from?” and then go back to the fundamentals of security: Encryption, key management, authentication (multifactor) multi-factor authentication. “By taking that approach, you can apply the appropriate investments,” he says. 

 

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
Commentary
Enterprise Guide to Multi-Cloud Adoption
Cathleen Gagne, Managing Editor, InformationWeek,  9/27/2019
Commentary
5 Ways CIOs Can Better Compete to Recruit Top Tech Talent
Guest Commentary, Guest Commentary,  10/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll