CISOs obsess over malware outbreaks, data breaches

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.fiercecio.com/story/cisos-obsess-over-malware-outbreaks-data-breaches/2014-07-28

Worries over malware outbreaks and data breaches continue to keep CISOs up
at night, which isn't surprising considering that most organizations report
they can't find an acceptable security solution.

That is one of the findings of new research from Wisegate and Scale
Ventures Partners, which polled CISOs on the most pressing issues they face
today.

Among the key findings of the research were that malware and data breach
fears now consume one-third of their attention. But despite that focus,
"half of participants admitted they didn't have good ways to measure the
status of these risks of how effective their programs were at addressing
them," the study found.

Compounding the problem is the fact that many organizations are forced to
develop their own first line of defense against cyber threats, since they
cannot find suitable tools in the marketplace.

"Three-quarters of participants' teams needed to build a custom solution or
integration to address their top risk because there are no acceptable
commercially available alternatives," noted Bill Burns,
executive-in-residence at Scale Venture Partners, in an email to FierceCIO.

Five risks capture 51 percent of CISO's top concerns, Burns reveals, and
two in particular--malware outbreaks and sensitive data breaches--are front
and center on their radar.

According to the study, the other three top concerns are malicious outsider
threats, malicious insider threats and advanced persistent threats.

In response, "security teams are consolidating and automating their
controls to stay secure,"  Burns says. This includes:

- "Three-quarters needed to build a custom solution or integration to
address their top risk.
- 59 percent marked as a top-choice proactive threat/misuse detection or
automated orchestration to streamline their incident response processes.
- 31 percent are prioritizing security controls for DevOps environments."

"Finally, several participants remarked that they're concerned about
managing an ever-expanding set of security point solutions," Burns said.
"Even if security teams could easily find qualified staff to run new
controls, they get better efficiencies driving security initiatives via
automation and APIs."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!