Survey: CISOs worried about insiders, data breaches

Share this article:
Eighty percent of CISOs believe their company's own employees and contractors are the greatest threat to company data, according to a new study conducted by security vendor NetWitness and audit-and-information-security training company MIS Training Institute.

Conducted from June 10 to 12 at the sixth annual CISO Summit in Lisbon, Portugal, the survey of more than 60 information security professionals from across the world also found that just 18 percent viewed external sources as the biggest threat to company data.

When asked how concerned about data breaches they were, 97 percent of respondents said they were either “very concerned” or “concerned,” while just three percent said they don't worry about their network "because it's secure," the survey found.

Meanwhile, based on respondents' answers, the survey showed that 59 percent of sensitive data resides on Windows or Unix-based servers, 23 percent on mainframes, eight percent on end-user computers and another eight percent with third parties. Eddie Schwartz, CSO of NetWitness, told SCMagazineUS.com on Monday that he thinks those stats are concerning because they illustrate that many companies store their most sensitive data in places not necessarily in direct control of data center.

In a roundtable meeting where security pros gathered to discuss the survey findings, some talked about their inability to deploy the proper technologies to counter the threats of today, Schwartz said. Most agreed that due to competing demand from compliance and budget constraints, it was difficult to obtain the needed technology to face attacks at the application layer.

One attendee said organizations should get better visibility to monitor computers on their network and look for signs of communication with outside entities -- and then stop that communication. Schwartz said that tactic is not necessarily easy, but it's a reasonably good defensive measure.

Protecting data from both internal and external threats, as well as meeting compliance demands and dealing with cost restrictions, are major concerns of customers, Doug Howard, chief strategy officer at security vendor Perimeter eSecurity, told SCMagazineUS.com on Tuesday.

“It's not an internal versus external problem, it's about protecting your core data and putting a layered approach,” Howard said.
Share this article:

Sign up to our newsletters

More in News

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry ...

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.