IT disaster recovery, cloud computing and information security news

Forrester study highlights ‘a false state of confidence’ when it comes to enterprise cyber security

Panaseer has released the results of a sponsored study conducted by Forrester Consulting which found that the key challenge facing security leaders is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture. 

The study surveyed over 250 senior security decision makers in North America and Europe. Participants included CISOs, CIOs, and IT and security VPs from organizations ranging from 3,000 to over 25,000 employees.

Currently, security leaders employ a variety of tools and technologies to identify risks and test the effectiveness of their security controls. As a result, security leaders are left with point-in-time assessments that require them to ‘cobble together’ data from disparate systems to truly understand the organization’s security posture. This approach is reactive, time-intensive, and insufficient in scale.

The study claims that the above has led to a disparity between appearance and reality, where security decision makers are being given a false state of confidence. 86 percent of respondents are confident or very confident that they have no gaps in their security controls deployed across devices, applications, people, and data. However, the complexity of today’s IT infrastructures and the heterogeneity of enterprise security tools make it difficult for security pros to protect their environments.

The study states: “Rightfully, companies are prioritizing their security and risk initiatives and investing in multiple technologies. Unfortunately, technology investments have provided a false sense of confidence in their security posture. Security leaders must understand that a proactive approach to cybersecurity requires the right tools, not more tools.” 

97 percent of respondents reported experiencing challenges with their tools. When asked about the biggest challenges that they face with their security tools, the top responses included:

  • Controlling coverage gaps across security functions (56 percent);
  • Viewing a comprehensive list of assets across the organization (43 percent);
  • Collecting, normalizing, aggregating, deduplicating, and correlating disparate data (39 percent); 
  • Tracking which assets and controls do not meet regulatory and compliance policies (39 percent);
  • Determining the effectiveness of security controls (38 percent); 
  • Getting a real-time view of corporate risks (37 percent);
  • Tracking performance of security controls over time (37 percent).

As threat levels increase, 64 percent of companies are making it a high or critical priority to implement a risk framework aligning cyber security risk and enterprise risk. However, the study identifies that one in five do not have a centralized approach for risk management. 

Obtain the study.


