Light Dark
June 15, 2015 By Douglas Bonderud 2 min read

How prepared are companies to deal with cybersecurity risk? That’s the question EMC asked in their first annual Cybersecurity Poverty Index, which measured the results of a risk maturity self-assessment completed by organizations against the NIST Cybersecurity Framework. More than 400 security professionals across 61 countries responded to the survey, and the message was clear: 75 percent say they lack the maturity to address emerging cybersecurity risks.

Why the dismal outlook? Misallocation of resources may be to blame.

Five Keys to Limit Cybersecurity Risk

The NIST framework covers five key functions of cybersecurity: identify, protect, detect, respond and recover. As noted by Infosecurity Magazine, nearly two-thirds of respondents ranked themselves as “inadequate” across all five areas. More worrisome is the fact that 45 percent said their ability to measure, assess and mitigate cybersecurity risk is either “nonexistent” or “ad hoc,” and just 21 percent considered themselves “mature” in this area. According to ITWeb, the EMC research also found that the assumed link between large organizations and improved IT security may actually be false since 83 percent of enterprises with 10,000 or more employees ranked themselves below the “developed” threshold on the Cybersecurity Poverty Index.

So why all this negativity? Part of the problem stems from the rash of recent data breaches across multiple industries — companies of all shapes and sizes now feel vulnerable, and in many cases, they are unsure that existing protection strategies are effective. And this fear has roots in reality: The survey discovered that for 75 percent of respondents, security resources may not be optimally distributed.

Holding the Line

Where do companies excel? Not surprisingly, the NIST protect category is where most of those asked said they were mature. But SC Magazine pointed out a critical flaw in this resource allotment: Preventative measures are simply not capable of stopping new cyber threats. Rob Sadowski, director of technology solutions at RSA, told SC Magazine that companies are still “following the doctrine of ‘I can prevent attackers from getting that initial foothold’ on their networks.”

But in a corporate landscape filled with evolving bring-your-own-device (BYOD) programs, the accessibility of cloud and unsupported third-party app and continuously evolving malware tools, it becomes impossible for companies to stop attackers at the gate. “We’re living in a world where compromise is inevitable,” Sadowski said, emphasizing that breaching the walls is just the beginning for an attacker. As a result, companies need to spend more on detection and response to cybersecurity risk since big budgets for prevention aren’t actually effective.

Simply put, true cybersecurity maturity comes from the realization that a firewall-based “fortress” model is impossible. Instead, threat containment and agile response are the keys to understanding and combating new malware threats. The NIST standards and EMC’s research reveal a common theme: Companies aren’t confident in their ability to handle risk. A cultural shift, combined with redistribution of resources, could go a long way toward empowering cybersecurity response.

 |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature