Government and private sector security professionals do not have the tools or training necessary to effectively thwart cyber attacks, often giving hackers the upper hand, a new survey suggests.
The survey of nearly 2,000 professionals by security company RedSeal found that companies and government agencies are often losing the security war to hackers, with 75 percent of security professionals stating that hackers have the upper hand with tools and automation. Fifty percent of security professionals also admit to having no way of knowing how many hosts can be accessed from outside their network, and only 41 percent believe vulnerability management tools accurately prioritize vulnerabilities.
Security professionals employed by the government were also some of the most likely to say that hackers have an advantage over their defense technologies. For example, 84 percent of government security professionals said hackers have the upper hand, a share exceeded only by the energy industry (86 percent). At the same time, government security pros were less likely to say that they lack the ability to generate metrics needed to follow changes in network security posture, the study found.
In addition, 53 percent of security professionals say they lack the ability or knowledge to generate metrics needed to track security trends, the study found. Chief information security officers also are in the dark on comprehensive security strategies, with 51 percent saying they don't know or don't think their tools accurately prioritize vulnerabilities and 25 percent indicating that they don't know if there are security metrics to measure and track overall effectiveness, the study found.
Dr. Mike Lloyd, chief technology officer at RedSeal, told Wired Workplace on Tuesday that the goal for all security professionals is to thwart 100 percent of attacks. Anything less, he said, is insignificant because hackers will always find an open door. "It's very clear that there's a people component and a tech component," Lloyd said. "Many breaches could be fixed with personnel training, but that doesn't seem all that newsworthy. It's like dentists trying to make news by saying you can prevent cavities if you floss your teeth."
Brittany Ballenstedt
Brittany Ballenstedt writes Nextgov's Wired Workplace blog, which delves into the issues facing employees who work in the federal information technology sector. Before joining Nextgov, Brittany covered federal pay and benefits issues as a staff correspondent for Government Executive and served as an associate editor for National Journal's Technology Daily. She holds a bachelor's degree in journalism from Mansfield University and originally hails from Pennsylvania. She currently lives near Travis Air Force Base, Calif., where her husband is stationed.
