Centrify study discovers the root cause behind weakening cybersecurity

62 percent of CEOs inaccurately cite malware as the primary threat to cybersecurity; 24 percent are not even aware they have experienced a breach
Ccompanies need to listen more closely to their technical officers, says Tom Kemp.
Ccompanies need to listen more closely to their technical officers, says Tom Kemp.

Share

Centrify's results of a new research study with Dow Jones Customer Intelligence, "CEO Disconnect is Weakening Cybersecurity" has revealed that a misalignment between CEOs and technical officers is weakening enterprise cybersecurity postures.

The report highlights that CEOs are incorrectly focused on malware, creating misalignment within the C-suite, which results in undue risk exposure and prevents organisations from effectively stopping breaches. 

The study - a survey of 800 enterprise executives including CEOs, technical officers, and CFOs highlights that 62 percent of CEOs cite malware as the primary threat to cybersecurity, compared with only 35 percent of technical officers. Only 8 percent of all executives stated that anti-malware endpoint security would have prevented the "significant breaches with serious consequences" that they experienced. 68 percent of executives whose companies experienced significant breaches indicate it would most likely have been prevented by either privileged user identity and access management or user identity assurance.

"While the vast majority of CEOs view themselves as the primary owners of their cybersecurity strategies, this report makes a strong argument that companies need to listen more closely to their Technical Officers," said Tom Kemp, CEO of Centrify.

"It's clear that the status quo isn't working. Business leaders need to rethink security with a Zero Trust Security approach that verifies every user, validates their devices, and limits access and privilege."

The study also revealed that CEOs are investing in the wrong areas of cybersecurity. The 2017 Data Breach Investigation Report released by Verizon indicates that 81 percent of breaches involve weak, default, or stolen passwords. Identity is the primary attack vector, not malware, yet the report reveals that malware is still the focus point for most CEOs.

These investment decisions are frequently caused by misplaced confidence in the ability to protect against breaches, putting organisations at significant risk. While Technical Officers are more aware of the real risks, they are also frustrated by inadequate security budgets, as spending is typically strongly aligned with CEO priorities rather than with actual threats.

The study also exposed that the disconnect between CEOs and technical officers leads to misaligned security strategies, and tension among executives. 81 percent of CEOs say they are most accountable for their organisations' cybersecurity strategies, while 78 percent of technical officers make the same ownership claim.

"The traditional security model of using well-defined perimeters between 'trusted' corporate insiders and 'untrusted outsiders' to protect assets has evolved with the advent of cloud, mobile and IoT. Yet most enterprises continue to prioritize spending on traditional security tools and approaches," said Garrett Bekker, Principal Security Analyst at 451 Research.

"Centrify's research reveals that a primary reason for conflicting cybersecurity strategies and spending is that C-level executives and technical managers don't always see eye-to-eye regarding security priorities, and a misaligned C-Suite can put the organisation at risk.

"Modern organisations need to rethink their approach and adopt a framework that relies on verifying identity rather than location as the primary means of controlling access to applications, endpoints and infrastructure."

CEOs also expressed frustration with security technologies that have a poor user experience and cause their employees to lose productivity.  This outdated perception has been resolved by significant innovation by identity security vendors in areas such as machine learning. These advances have substantially reduced the burden of deploying and managing authentication solutions and improved the user experience for a range of security technologies.

Editor's Choice

Bahrain tops London and Silicon Valley for percentage of female startup founders - new report
Said to be among top 10 startup ecosystems with the largest share of female founders.
From the mag: Inside O2O2’s quest for fresher air with fashionable face masks
O2O2 isn’t just a face mask that’s been hitting the runways at Fashion Weeks worldwide. It’s also tackling the problem of polluted air at its source. Is there anything apps and mobile networks can’t do?

Most popular

Don't Miss a Story