Nearly 75 percent of the respondents in RSA's inaugural Cybersecurity Poverty Index believe that their companies have significant cyber-security risk exposure.
The index was compiled from the results of self-assessment tests completed by more than 400 security professionals from organizations of all sizes spanning 61 countries with respondents instructed to rate their organization's capabilities on a five-point scale. Participants were asked how they felt about the maturity of their cyber-security programs using the NIST Cybersecurity framework as a measuring stick.
According to the report, sponsored by EMC2, companies are still prioritizing protection over detection despite the fact that preventative capabilities alone are fundamentally incapable of stopping today's cyber-threats.
Mark Kedgley, CTO, New Net Technologies comments, “Not only are companies unprepared for a breach, the majority would not actually be aware that they had been subject to a breach until months later. The security world is preoccupied with the idea of stopping breaches but this survey reinforces the evidence that it is time for a change in attitude and a shift towards a defense and breach detection strategy.
“Modern IT environments need to start operating Security Best Practices – remove vulnerabilities then maintain hardened system integrity through change control. It is only by spotting the breach in time that an organization has any chance of effectively managing security.”