GDPR and security awareness top issues for CISOs, notes survey


GDPR, security awareness, and cloud security strategy are the top concerns of security professionals, says a recent survey of 39 CISOs.

While most CISOs believe breach response is a priority, 63% of them focus more on prevention capabilities than on response.

A survey of 39 CISOs by ClubCISO has revealed that as many as 78 percent of all CISOs consider the GDPR the top issue, followed by security awareness (74 percent) and cloud security strategy (61 percent).


Responding to the survey, 63 percent of CISOs said that breach response was a major responsibility, but this was contradicted by the fact that 78 percent of company boards focussed on prevention capabilities instead of response.

“In the wake of a growing number of cyber-attacks, an increasingly fragmented (and therefore vulnerable) workforce, and a step-up in the complexity and effectiveness of malware, 78% of company boards still place their focus squarely on prevention capabilities, rather than response,” said Marc Lueck, chairman at ClubCISO.

“At the same time, these same boards contradict themselves by prioritizing breach response very highly. In fact, 63% cite it as a major responsibility of the CISO. In other words, boards want CISOs to clean up the mess after a breach, but they’re not necessarily taking a balanced approach to investing in solutions that enable them to do this quickly and effectively,” he added.

In short, a majority of companies are focussing on tackling visible and perceived security risks as and when they come instead of fixing root causes and security processes. Raef Meeuwisse, author of Cybersecurity Exposed: The Cyber House Rules, told Infosecurity that breach response is much more expensive for organisations than embedding security in systems by design.

He compared the response of company boards to 'bailing water out of a boat that is riddled with holes'. Companies should first fix the underlying security holes and vulnerabilities instead of applying fixes, which will ensure that symptoms are permanently addressed.

“The organizations that are coming through the major cyber-attacks unscathed are not doing anything super-clever, but they are applying all the basic and sensible security basics, such as timely patch management, restricted installation (administration) rights, regular back-ups and AI anti-malware,” he added.

A separate survey of CISOs also revealed that as many as 80 percent of organisations in the UK are in favour of cloud adoption despite concerns about long-term security risks associated with the cloud. As many as 37 percent of such organisations have recently launched cloud computing projects for the first time.

“Quite simply, CIOs cannot blindly trust that public cloud services will work flawlessly and be delivered perfectly at all times. The more responsibility CIOs hand over to providers, without ensuring that established ITSM principles are applied, the more they open themselves up to blame if one of those services fails,” noted Paul Cash, managing partner at Fruition Partners, which conducted the survey.

“CIOs should still be managing cloud services internally, rather than abdicating responsibility to the provider. Otherwise they risk losing control, and increasing both cost and risk to themselves and the business,” he added.

Source: Infosecurity Magazine


Jay Jay

Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines.
