A lack of knowledge and 'blind spots' in network visibility is damaging corporate security, C-level executives admit.
According to a new research report released by network security analytics firm RedSeal , many C-level executives are convinced their network infrastructure is safe, but more admit better security will only be made possible with enhanced visibility into their networks.
The company surveyed over 350 C-level executives from businesses with a minimum of 250 employees across the United States. In total, nearly 60 percent said they can "truthfully assure the board beyond a reasonable doubt" that their organization is secure -- a fierce claim to make in itself considering today's threat landscape.
Despite this confidence, however, data breaches are becoming more and more common not only against well-known firms but also SMBs. Sony, Target and Mastercard, to name but a few, have all been recent targets -- and it is estimated that data breaches will cost the global economy as much as $2 trillion in the next five years.
Last month, Kaspersky Labs revealed the existence of a new business-orientated campaign against small and medium-sized businesses worldwide. Grabit is an active campaign based on phishing which deliver malicious payloads capable of spying on businesses -- and has been able to steal approximately 10,000 files from SMBs mainly based in Thailand, India and the United States to date.
Networks and understanding how to properly secure them are key components of protecting businesses from cyberthreats today. Despite 60 percent of executives believing their networks are safe, only 32 percent claimed they have full visibility into their global network -- and so such faith may be misplaced. In total, 86 percent admitted to gaps in their ability to see and understand what's really happening inside the network.
What you cannot see, you cannot protect, and 79 percent admit to network blindness hampering protective efforts.
When the executives were asked if they knew "for a fact" their network was currently under attack by cybercriminals, 29 percent said yes -- which leaves you to wonder what the remainder know and understand about cybersecurity and the levels of attacks businesses face today.
In addition, the research revealed disparities concerning strategy and security. Almost half of executives said security is strategic to their business, and yet 72 percent assert that security products -- including antivirus software and monitoring systems -- have no strategic value.
The majority of respondents want clear, concise ways to view their networks and understand what is happening within their infrastructure. Approximately 95 percent of those surveyed said to achieve critical and strategic security capabilities, enterprises will have to obtain "the kind of intelligence that lets them comprehensively see and verify their overall "state of security," and have the ability to tell at a glance whether or not security investments are performing well.
Ray Rothrock, chairman and CEO of RedSeal commented:
"It's remarkable how many executives say their networks are secure -- until we drill down into the issue, and it becomes obvious not only that there are vulnerabilities, but also that many organizations have no idea where those weak spots are. This is exactly why corporations get breached so often even though they've invested in excellent security products. Security is a strategic, top-level issue, and it needs to be treated as such by the entire organization. The network is the business."