Our Latest Online Backup Reviews:Vembu SyncBlaze
Industry LinksTools and Graphs
Inaugural Cybersecurity Poverty Index Shows Troubling Lack Of Maturity And An Overreliance On Prevention
BEDFORD, MA , June 9, 2015 — /BackupReview.info/ — Today, RSA, The Security Division of EMC (NYSE: EMC), released its inaugural Cybersecurity Poverty Index that compiled survey results from more than 400 security professionals across 61 countries. The survey allowed participants to self-assess the maturity of their cybersecurity programs leveraging the NIST Cybersecurity Framework (CSF) as the measuring stick. The research provides valuable global insight into how organizations rate their overall cybersecurity maturity and practices across a variety of organizational sizes, industries and geographies. While larger organizations are typically thought of as having the resources to mount a more substantive cyber defense, the results of the survey indicate that size is not a determinant of strong cybersecurity maturity and nearly 75% of all respondents self-reported insufficient levels of security maturity.
The lack of overall maturity is not surprising as many organizations surveyed reported security incidents that resulted in loss or damage to their operations over the past 12 months. The most mature capability revealed in the research was the area of Protection. The research results provide quantitative insight that organizations’ most mature area of their cybersecurity program and capabilities are in preventative solutions despite the common understanding that preventative strategies and solutions alone are insufficient in the face of more advanced attacks. Further, the greatest weakness of the organizations surveyed is the ability to measure, assess and mitigate cybersecurity risk with 45% of those surveyed describing their capabilities in this area as “non-existent,” or “ad hoc,” and only 21% reporting that they are mature in this domain. This shortfall makes it difficult or impossible to prioritize security activity and investment, a foundational activity for any organization looking to improve their security capabilities today.
Counter to expectations, the research indicates that the size of an organization is not an indicator of maturity. In fact, 83% of organizations surveyed with more than 10,000+ employees rated their capabilities as less than “developed” in overall maturity. This result suggests that large organizations’ overall experience and visibility into advanced threats dictate the need for greater maturity than their current standing. Large organizations’ weak self-assessed maturity ratings indicate their understanding of the need to move to detect and response solutions and strategies for a more robust and mature security.
Also counterintuitive to expectations were the results from Financial Services organizations, a sector often cited as industry-leading in terms of security maturity. Despite conventional wisdom, however, the Financial Services organizations surveyed did not rank themselves as the most mature industry, with only one third rating as well-prepared. Critical infrastructure operators, the original target audience for the CSF, will need to make significant steps forward in their current levels of maturity. Organizations in the Telecommunications industry reported the highest level of maturity with 50% of respondents having developed or advantaged capabilities, while Government ranked last across industries in the survey, with only 18% of respondents ranking as developed or advantaged. The lower self-assessments of maturity in otherwise notably mature industries suggest a greater understanding of the advanced threat landscape and their need to build more mature capabilities to match it.
Despite the fact that the CSF was developed in the United States, the reported maturity of organizations in the Americas ranked behind both APJ and EMEA. Organizations in APJ reported the most mature security strategies with 39% ranked as developed or advantaged in overall maturity while only 26% of organizations in EMEA and 24% of organizations in the Americas rated as developed or advantaged.
Organizations rated their own capabilities in the five key functions outlined by the CSF: Identify, Protect, Detect, Respond, and Recover. Ratings used a 5 point scale, with 1 signifying that the organization had no capability in a given area, and 5 indicating that they had highly mature practices in the area.
Amit Yoran, President, RSA, The Security Division of EMC
Stephen T. Whitlock, Chief of Strategy & Technology, Information Security Solutions, Boeing
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies.
General Tags: online file backup, online backup services, online backup reviews, online backup, cloud computing, online backup providers directory, online backup news, data security, compare online backups, top rated online backups, data storage, backing up online, online file storage, CEO interviews, SaaS, online data backup, online backup companies, software as a service
Like us on Facebook
Sponsored Links:Data Deposit Box Asigra Bacula Systems