Companies were least prepared to assess the security risks of cloud and mobile technologies, according to a new survey of cybersecurity professionals.
Around 60% of companies were able to assess security risks in cloud environments, down 7 points compared to last year. Mobile devices scored at 57%, down by 8%age points compared to last year.
Overall, the confidence levels of security professionals that their cyber defences were meeting expectations dropped from 76% last year to 70% in this year’s survey, according to the report, which was produced by CyberEdge Group, and sponsored by Tenable.
Single drop
The largest single drop was in the confidence in the security of web applications, down 18 points from 80% last year to 62% today.
Respondents also reported lower confidence in their ability to convey risks to executives and board members, down 3%age points from 83% last year to 80% today.
On a positive note, they were more confident about their ability to manage security effectiveness, up by 2 points from 81 to 83%.
Cris Thomas, strategist, Tenable Network Security, which produced the report, said that he was surprised by the results.
Mitigation over time
“It would be my assumption that as we go through time and work with these technologies more and more we get more comfortable with them,” he said. “Our ability to assess the risk and mitigate those threats should become greater over time. But the numbers aren’t showing that. The numbers are showing a decrease over last year, and I really don’t have an explanation of that.”
Take cloud services for example, he said. Companies are using more and more cloud services and cloud infrastructure.
He suggested that security pros might be becoming more aware of cybersecurity risks than they were before.
“Maybe we’re just realising what we don’t know, and that there’s a bigger security concern than we though there was,” he said. “We’re just starting to understand how complex the security is with cloud.”
Old mobile story
Similarly, mobile should be an old story, he said.
“We’ve had mobile devices for a while,” he said. “This isn’t something new and we think we’d have an understanding and grasp of the security issues. So I would expect this score to go up, but instead we had a decrease.”
He suggested that increased media focus on security breaches might be bringing additional attention to potential problems.
The report broke the scores out by industry and showed a decline in all verticals.
“We’re pretty much across the board,” Thomas said. “It’s not a good sign.”
Health care scored the lowest this year, at just 54%% — down from 72% last year.
Looking the data geographically, India scored the highest, at 73%, and Japan the lowest with a score of 43%.
Thomas suggested that this might be due to the percentage of companies in each country who handle their own security.
“The level of outsourcing is higher in India,” he said. “And it gives them the sense that they’re paying someone else to handle it, and they think they’re more secure.”
Outsourcing spectrum
Japan is on the other end of the spectrum.
“There’s very little outsourcing in Japan, most of the security is done in-house,” he said. “And that might be why they have a lower grade.”
This does not necessarily mean that those companies are more or less secure, he added, just that they are more or less confident in their security.
“It is possible that your security is better if you outsource, and it’s possible that it could be worse,” he said. “But that perception is that these guys are experts, so my security is good.”
IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers