An Epidemic of Security Worst Practices
A majority of enterprises are failing to apply IT security best practices, significantly increasing their security and compliance risks.
In the time that I've worked on this blog, I have seen a small evolution in security concerns. When I first started, for example, mobile security was barely discussed - if discussed at all. Anonymous was still mostly anonymous.
A lot has changed over the past couple of years, and the skills of the bad guys, as well as ever-changing technology, mean that network security has to constantly evolve. And it makes sense that evolution would have to come from the top.
So it isn't surprising that a new IBM survey shows a clear evolution in information security organizations and security leadership. However, it is a little disheartening to discover that only one in four security chiefs surveyed currently play a strategic role in their firms.
It also appears that security is becoming part of the corporate business model, and CISOs are focusing more on risk management and on anticipating problems before they happen than on dealing with security situations after the fact. This is an encouraging trend. We know the bad guys are smart, are innovative and are taking advantage of every slip-up and lax security practice on the corporate side. The more security executives - and the corporate business model - focus on risk management and better security policy practices, the better protection they can provide.
After interviewing more than 130 security leaders globally, IBM discovered there are three types of leaders based on breach preparedness and security maturity. They are the Influencers, the Protectors and the Responders. A Sci-Tech Today article described each type:
The Influencer-type security executive is identified in the study as being "confident and prepared," influencing business strategy relating to security. Protectors are less confident, and, although they prioritize security on a strategic basis, they lack necessary structural elements that exist in Influencers' organizations, since they rank second in the key determining factors, such as the likelihood of having a CISO. Responders are the least confident, are focused largely on protection and compliance, and they rank third in the determining factors.
Which type are you?