cyber trends is the primary attack vector , not malware , yet the report reveals that malware is still the focus point for most CEOs .
• A total of 60 % of CEOs invest the most in malware prevention and 93 % indicate they already feel ‘ wellprepared ’ for malware risk
• A total of 49 % of CEOs say their companies will substantially reduce malware threats over the next two years , yet only 28 % of CTOs agree with this statement
These investment decisions are frequently caused by misplaced confidence in the ability to protect against breaches , putting organisations at significant risk . While technical officers are more aware of the real risks , they are also frustrated by inadequate security budgets as spending is typically strongly aligned with CEO priorities rather than with actual threats .
Poor communication between CEOs and technical officers leads to misalignment
The study also exposed that the disconnect between CEOs and technical officers leads to misaligned security strategies and tension among executives .
• A total of 81 % of CEOs say they are most accountable for their organisations ’ cybersecurity strategies , while 78 % of technical officers make the same ownership claim
• Only 55 % of CEOs say their organisation has experienced a breach , whereas 79 % of CTOs acknowledge they ’ ve been breached . This indicates that 24 % of CEOs are not aware that they have experienced a breach
Garrett Bekker , Principal Security Analyst at 451 Research , said : “ The traditional security model of using welldefined perimeters between ‘ trusted ’ corporate insiders and ‘ untrusted outsiders ’ to protect assets has evolved
Modern organisations need to rethink their approach and adopt a framework that relies on verifying identity rather than location as the primary means of controlling access to applications , endpoints and infrastructure . with the advent of cloud , mobile and IoT . Yet most enterprises continue to prioritise spending on traditional security tools and approaches . Centrify ’ s research reveals that a primary reason for conflicting cybersecurity strategies and spending is that c-level executives and technical managers don ’ t always see eye-to-eye regarding security priorities and a misaligned c-suite can put the organisation at risk . Modern organisations need to rethink their approach and adopt a framework that relies on verifying identity rather than location as the primary means of controlling access to applications , endpoints and infrastructure .”
Outdated thinking results in higher risk
CEOs also expressed frustration with security technologies that have a poor user experience and cause their employees to lose productivity .
• A total of 62 % of CEOs state that multi-factor authentication ( MFA ) is difficult to manage and is not userfriendly , while only 41 % of technical officers agree with this assessment
This outdated perception has been resolved by significant innovation by identity security vendors in areas such as machine learning . These advances have substantially reduced the burden of deploying and managing authentication solutions and improved the user experience for a range of security technologies . u www . intelligentciso . com | Issue 02
21