Why Security Execs Lack Confidence in Security

 
 
By Karen A. Frenkel  |  Posted 06-10-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Why Security Execs Lack Confidence in Security
    Next

    Why Security Execs Lack Confidence in Security

    IT security pros need to consider metrics such as dwell time, or reducing the time a threat is in a network, which helps strengthen overall security posture.
  • Previous
    Executives Are Tentative About Security Posture
    Next

    Executives Are Tentative About Security Posture

    31% of respondents are still very confident about their security posture, but 65% are only somewhat confident.
  • Previous
    Communication Over Security Posture
    Next

    Communication Over Security Posture

    28% of respondents said the security metrics they use to communicate are effective whereas 65% said the metrics are only somewhat effective.
  • Previous
    Where Is the Disconnect?
    Next

    Where Is the Disconnect?

    Executives rely on quantitative metrics while breaches occur.
  • Previous
    Number of Breaches Experienced
    Next

    Number of Breaches Experienced

    63% of respondents said they have experienced breaches that resulted in the lost or compromised data this past year.
  • Previous
    Why Executives Are Not Confident About Security
    Next

    Why Executives Are Not Confident About Security

    Executives are not confident about their security posture because of the way they measure it; most count alerts and incidents, which does not shed light on the real security posture.
  • Previous
    Quantitative Metrics Won't Help
    Next

    Quantitative Metrics Won't Help

    "Using quantitative metrics—like counting breaches, totaling response times, and calculating downtime—does not help when breaches are a constant," the report states.
  • Previous
    Metrics Used
    Next

    Metrics Used

    Rather than measure dwell time, more organizations measure cost of incidents (39%) and reduction in vulnerabilities (39%). These are not as important as how long the threat, attacker or attack vector exists inside an organization and actions taken once past defenses.
  • Previous
    The Importance of Dwell Time
    Next

    The Importance of Dwell Time

    Only 33% of those surveyed measure dwell time, the elapsed time from initial breach to containment. If you limit the time a threat exists, damage to the enterprise will be minimized.
  • Previous
    Time Spent in Network Before Discovery
    Next

    Time Spent in Network Before Discovery

    Attackers spend an average of 229 days inside a network before they are discovered. The cost of the average breach: $5.85 million in the United States.
  • Previous
    Recommendation
    Next

    Recommendation

    Reduce the time a malicious threat acts from within. This will greatly reduce potential damage, speed of mitigation and contain exposure.
 

A majority of IT security executives are only somewhat confident in their enterprise's security, according to a new survey. One-third of respondents are confident in their security posture and one-quarter said they communicate effectively about security metrics and posture to senior management. These executives continue to rely mainly on quantitative metrics aimed at preventing breaches. "With security spending continuing to skyrocket, it's more important than ever to be able to report on metrics that matter, not just quantitative metrics like counting breaches," said Ed Hammersla, president, Forcepoint. "To be more confident, we need to shift our thinking to metrics such as dwell time, or reducing the time the threat is in our network, which reduces damage and helps strengthen our overall security posture." The main take away: intruders can do more damage the longer they poke around and move laterally within a network. If an organization limits the time a threat exists, it will minimize damage. The study "Why Executives Lack Security Posture of Confidence" included 100 responses from American IT security executives.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register