Security leaders face an ongoing conundrum

Glasswall’s survey of senior-level executives across the US (70 percent of respondents) and the UK (30 percent of respondents) reveals how even the best security strategies still have inherent risks. The research highlights how complexity is entangling security professionals into a web of contradictions that impact multiple facets of security management¾finite budget but endlessly growing need, highly interdependent but vulnerable value chains, reliance on old standby tools like antivirus that have limited effectiveness, and employees’ business expectations that can lead to risky behaviors. These incongruities present security leadership with a mesh of continually competing interests, opportunities and tensions from across the business.

Highlights from the report include:

• 71% of respondents saw third party risks from partner and supply chain interactions as a high concern. Concerns about email risks from partners top the list of potential vulnerabilities – that includes both email with attached documents and email that may include dangerous links.
  Glasswall Insight: Supply chains for global businesses are growing exponentially, yet third party vulnerabilities are also rapidly increasing. Organizations often have to rely on the security of those that are unreliable, and while many global firms have some visibility into the defences their partners have in place, they often have limited influence on the risk decisions made by those third parties.
   
• More than 40% of respondents recognize that employees remain susceptible to phishing attacks and engage in risky behaviours. At the same time, 40 percent are completely reliant on employees as their last line of defence. According to the findings, access to unlocked devices, poor password protection and the use of personal devices are cited as the most worrisome employee behaviours.
  Glasswall Insight: While this illustrates a clear paradox in security teams’ quest to secure the enterprise, it also reaffirms that employees are a critical component to the security strategy and its incumbent upon organizations to implement effective and thorough security training across their workforce
   
• 82% of respondents still see the network perimeter as the domain where they most need to keep investing in security. That includes the 57% who will continue to invest in perimeter defense along with post-breach detection.
  Glasswall Insight: Despite the proliferation of cloud, the perimeter hasn’t disappeared; it has just expanded and remains the most vulnerable access point in need of protection.
   
• Only 9% of respondents expressed complete confidence in their antivirus solutions. And yet, despite the low confidence expressed, 96% said they continue to invest in antivirus product.
  Glasswall Insight: This prevalent technology is increasingly viewed as inadequate to serve its intended purpose. However, as industry has yet to introduce a broadly accepted, game-changing alternative to AV, organizations continue to invest in it and view it as a commodity, value-based checkbox product – knowing it’s under par.

“Our research validates an industry issue that has been discussed for a long time behind closed doors – those in charge of security are caught in a web of contradictions, a repetitive cycle of co-dependence of weakest links and strongest assets,” said Greg Sim, CEO, Glasswall Solutions. “After hearing from top security leaders, it’s clear the security industry needs to have an honest discussion about what’s not working, and collectively reset the security standard to which all organizations must align.”