67% of security executives do not have robust controls in place to prevent data leakage
Brand reputation, risk management and preventing data loss surfaced clearly as the burning concerns of senior security professionals participating in the London meeting of the CSO Interchange, a high level forum geared to discussing hot topics of the day. 60% profess to having only “some idea” as to where their customer data is stored and “limited controls” over it. 72% see the impact of payment card loss on brand reputation as their biggest concern.
Speaking at the event, cross-bench peer, Lord Erroll, a member of the House of Lords Science and Technology Committee, described the recent HMRC data breach as a “godsend”…”with luck the missing CDs have ended up in a landfill site but this fiasco will force the government to start taking security seriously and the powers of the Information Commissioner’s Office will be strengthened.”
Concerns about data loss were clearly a running theme throughout the debate. Although 32% felt they did know where their customer data was being kept and had controls in place. Alarmingly, 9% of those present had not even yet considered data loss as a specific issue.
Philippe Courtot, Chairman and CEO of Qualys and Co-founder of the CSO Interchange added:
More than 70% of the security professionals attending CSO Interchange indicated that securing their networks and therefore the confidentiality of their electronically stored data is now harder than ever. The HMRC breach and other recent media stories are forcing this in to the open as a public issue. We must take these matters seriously and rethink the way security is provided online. Four years ago The Jericho Forum was the first non-government organisation to sound the alarm by suggesting practical and effective solutions for high industry. As yet their call to action has gone unanswered. Now is the time for industry and government alike to seize the initiative.”
Managing risk was clearly seen as being the biggest driver to security strategy and executives know they need to improve at this. Half of those surveyed felt they could do better at articulating the impact of risks within their organisation as well as the impact of mitigating them financially. There was clear recognition too for the risks posed by insiders within their organisation – with 75% citing this as greater than the risks from outsiders.
These and other interesting findings were revealed in an interactive survey of 35 top ranking professionals from major blue chip organisations taking place at the event organised by Qualys. The survey consisted of 26 key questions relating to business issues of importance to security executives.
Other key findings were:
- 50% see Software-as-a-service (SaaS) as displacing enterprise software
- 64% see the job of securing their networking environment as harder than one year ago – with the majority seeing time, personnel and budget as the biggest obstacles to doing their job.
- 62% have no real interest yet in environmental issues