With complex threats lapping over networks, wouldn’t security be improved by simply starting afresh? Fanciful perhaps, but a third of experienced UK-based IT staff in a new Websense survey said they’d consider at least a “complete overhaul” if resources made it possible.
Indeed, the UK element of the Ponemon study (391 staff with an average of 11 years’ experience) uncovered a high level of uncertainty, frustration and disappointment that rarely emerges as strongly from vendor questionnaires.
It’s to be expected that 42 percent believed their employer wasn’t investing enough in staffing – that has been a stock grumble in one form or another for decades – but the 40 percent who confessed to never speaking to executives about cybersecurity was more eye-opening.
It doesn’t end there. Half admitted frequent disappointment in the performance of their security products, with only one in eight saying they were satisfied.
This was so bad that two thirds had suffered a data breach sufficiently serious to make them change vendors, with advanced targeted attacks and data theft now the top concerns.
Consequently, thirty-six percent wished they could completely overhaul their networks more or less from scratch. This seemed unlikely to happen; executives would likely act only after experiencing the theft of intellectual property, the loss of customer data and a loss of revenue after downtime, in that order, all fairly calamitous events.
“This Ponemon survey highlights that a lack of communication, education and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe,” said Websense CEO, John McCormack.
“It’s not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.”
This malaise seems to be almost universal, with the global survey from which the UK numbers were drawn showing similar levels of disenchantment.
However, it could also be argued that professional IT staff are a naturally discontented lot and no longer the only population that matters. More than half of firms offered no cybersecurity education for employees, the very people who are on the receiving end of more or less all attacks. A mere 4 percent had any plans to do this in the next year.