A little over half of Canada’s IT security professionals aren’t very confident about their ability to defend against attacks – and 77 per cent of them aren’t getting the support they need from the C-suite to protect confidential data.
That’s according to a new survey from the Ponemon Institute on behalf of Websense Inc., a security solutions provider. Researchers polled 236 IT administrators in Canada to find out more about the challenges they face, as well as what’s keeping them up at night. Respondents had an average of nine years’ experience in the field.
Strikingly, 56 per cent of those polled said they don’t feel their organization is protected from hackers mounting advanced attacks. Another 59 per cent said they felt they had the power to stop confidential information from leaking outside of their organization, while 43 per cent said they felt they understood the scope of threats their organization is facing.
And most tellingly, 36 per cent said one or more significant attacks had hit them in the past year, though just 29 per cent said they were sure they had lost confidential data due to a cyber attack. Twenty-seven per cent said they didn’t know exactly hackers had stolen.
That doesn’t mean these companies don’t have security solutions installed – 39 per cent said they’ve equipped their organizations with security solutions. But even so, these respondents said they either know, or they’re unsure, that their solutions can’t inform them about the root causes of an attack. Another 47per cent reported feeling their intelligence isn’t enough.
However, it’s not just external attacks troubling these respondents. Internally speaking, 50 per cent of respondents said board-level executives at their organization have a below-average understanding of security. Plus, 77 per cent said they feel their executives don’t take data breaches seriously enough, failing to understand losing customers’ confidential data translates into lost revenue, as organizations need to report breaches, contact affected customers, do investigations, hire outside help, and so on.
While IT security staff definitely have a challenging job description, Ponemon researchers did have a few practical tips that may help. They recommend that IT departments invest in technologies that increase their visibility, so they can have a better sense of what kind of attempted attacks hackers are launching against their organizations.
Investing in better threat intelligence and real-time defenses is also a good idea. It also helps to establish a more comprehensive strategy for web, email, and mobile, instead of just narrowly focusing on just one of those channels, researchers said. And as always, educating employees to understand the risks of cyber attacks is key.
For the full report, as well as data on other countries, head on over here.