Nearly 75 percent of the respondents in RSA's inaugural Cybersecurity Poverty Index believe that their companies have significant cyber-security risk exposure.
The index was compiled from the results of self-assessment tests completed by more than 400 security professionals from organisations of all sizes spanning 61 countries with respondents instructed to rate their organisation's capabilities on a five-point scale. Participants were asked how they felt about the maturity of their cyber-security programmes using the NIST Cybersecurity framework as a measuring stick.
According to the report, sponsored by EMC2, companies are still prioritising protection over detection despite the fact that preventative capabilities alone are fundamentally incapable of stopping today's cyber-threats.
Mark Kedgley, CTO, New Net Technologies comments, “Not only are companies unprepared for a breach, the majority would not actually be aware that they had been subject to a breach until months later. The security world is preoccupied with the idea of stopping breaches but this survey reinforces the evidence that it is time for a change in attitude and a shift towards a defence and breach detection strategy.
“Modern IT environments need to start operating Security Best Practices – remove vulnerabilities then maintain hardened system integrity through change control. It is only by spotting the breach in time that an organization has any chance of effectively managing security.”
You can read the full story on SC Magazine.