61% of CIO/CISOs and security professionals have experienced a data breach at their current employer, according to McAfee
Data breaches are becoming more serious as cyber criminals continue to target intellectual property, putting company brand reputation at risk and increasing financial liability. As a result, CIOs and CISOs are in a tight spot, constantly struggling to secure their organizations and protect them against breaches, says a new study, adding that they are often held accountable for not being able to prevent data breaches.
According to the recent report by cyber security firm McAfee, 61% of CIO/CISOs and security professionals have experienced a data breach at their current employer, while 48% reported the same at their previous companies. Also, in the last three years, the share of organizations facing serious data breaches that required full public disclosure has gone up from 68% to 73%, the report claims.
43% of the participants were greatly concerned about theft of personally identifiable information and intellectual property. On the other hand, 30% found theft of payment card details more distressing, even though the report claims that payment cards are not a big target because of new payment technologies and improved fraud detection systems.
Concern over personally identifiable information is higher in Europe due to the rollout of the General Data Protection Regulation (GDPR) in May 2018, which mandates heavy penalties for companies that fail to communicate data breaches to users. Theft of intellectual property is a bigger concern in the Asia-Pacific region, states the study.
Another interesting finding of the report is that cyber criminals do not rely on a single technique when it comes to stealing data. In addition to database leaks and interception of network traffic, they are also targeting corporate email, personal email, cloud applications as well as removable USB drives, stolen computers and printers.
CIO/CISOs struggling to combat data breaches
The McAfee report was based on a survey involving up to 5,000 professionals in enterprise organizations, over 5,000 workers in enterprise organizations and 700 IT and security professionals. The participants were based in the US, the UK, India, Australia, Canada, France, Germany and Singapore.
Over half of the participants blamed IT teams for not being able to prevent data breaches, while 81% are of the opinion that cyber security solutions continue to operate in isolation, with separate policies or management consoles for cloud access security broker and data loss prevention. This is causing delays in detection and reaction.
On the other hand, CIOs and CISOs interviewed in the study feel part of the blame lies with the C-suite, with 55% saying that C-level executives should lose their jobs if a data breach is serious, as many of them often insist on having more lenient security policies for themselves.
Focus on training and culture
Many participants feel that cyber security attacks can be significantly reduced with education on corporate policies and appropriate online behavior. Real-time threat detection is also considered to be an effective way to identify threats. About 52% of all organizations have teams working on threat hunting, while 30% are planning to join the bandwagon soon.
“Organizations need to augment security measures by implementing a culture of security and emphasizing that all employees are part of an organization’s security posture and not just the IT team. To stay ahead of threats, it is critical companies provide a holistic approach to improving the security process by not only utilizing an integrated security solution but also practicing good security hygiene,” says Candace Worley, vice president and chief technical strategist, McAfee in an official statement.
What CIO/CISOs should do
Based on the study findings, we believe the need of the hour for organizations is a cyber security strategy that includes implementing integrated security solutions.
CIO/CISOs should work in close collaboration with C-level executives to formulate strategies to combat cyber security threats. IT and security professionals need to be empowered to influence budget decisions, project decisions, even IT decisions. This will give organizations good visibility into information security risk and help them manage those risks accordingly.
Finally, there should be a proper thrust on employee training and an overall culture of security throughout the organization to reduce future breaches, as the study also recommends. For that, the CIO/CISOs' voice needs to be audible beyond the IT department and across the entire organization; in other words, at the management board.