Attacks/Breaches

1/24/2019
01:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Overlooked and Underappreciated? IT Security Professionals are Suffering from an Image Problem

New Research from Thycotic reveals IT security professionals feel they're seen as the 'doom mongers' or a 'necessary evil' by employees

London, January 24, 2019 – The majority of UK IT security professionals feel they’re suffering from an image problem amongst fellow workers, according to new research commissioned byThycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organisations worldwide.  Nearly two thirds of respondents (63%) feel that their security teams are either viewed as the company naysayers – specifically either ‘doom mongers’ or a ‘necessary evil’ (36%). Also, 27% of respondents said company security and security professionals are just something that runs in the background which employees don’t really notice.

The research, which was conducted with 100 IT security decision makers within the UK, revealed that more than a third of respondents (38%) believe that they’re viewed as the ‘policemen.’ Worryingly, when asked if they’d ever experienced negativity towards their team and their work, 13% said this happens ‘all the time.’

Almost three quarters (74%) of security professionals reported negativity or indifference regarding the introduction of new security measures and policies: with employees believing it will hamper their work (35%), or barely noticing them (39%).  

Security professionals are also struggling to promote their value to other departments in the business. The overwhelming majority of them (90%) believe that other departments could have a better understanding of what they’re trying to achieve, whilst an equally high majority (88%) feel that it could be easier to communicate their views to executive management in other functions such as HR and Finance.

 

Execs feel board perceives them as functional, not a force for competitive advantage

When it comes to how they’re perceived by the C-suite, there are further challenges: 56% feel that they’re restricted by the board, which may be accounted for by the fact that only 41% of organisations have a CISO in place on the board.  Whilst the security team can be instrumental in business transformation, only 44% believe that the C-suite sees them as a positive force for innovation and just one in 10 respondents (13%) believe that the board sees them as helping the company to gain a competitive advantage. 

 

It also suggests that boards may be paying lip service to IT security teams, as there is a disparity between what the board says and how this translates into investment.While 87% of security professionals believe that the board listens to them and values their input, a considerable proportion (62%) believe that the board can’t always see the business case for security investments. 

Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic notes, “At a time when security teams are under huge pressure and play an increasingly strategic role within the company, it’s disappointing that they’re not feeling valued either by their co-workers or by senior executives. The fact that negative opinions are rife amongst employees also suggests that security teams need to work harder to communicate the strategic importance of their roles to the business and reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly.”

 

He continues: “Clearly instrumental in this will be achieving a greater representation of CISOs at board level and improving cross-departmental communications.”  

 

For more information please go to:  https://thycotic.com/resources/cyber-security-executives-survey-report-europe/.

 

 

Research Methodology

Thycotic, commissioned independent market research specialist Vanson Bourne to undertake research. Vanson Bourne interviewed 200 IT security decision-makers in November 2018 on the position and reputation of IT security departments in companies.

 

The sample was comprised of 100 respondents in Germany and 100 in the UK with at least 1,000 employees or more from a range of private and public sectors. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.

 

Results referenced above all refer to UK respondents only.  

 

 

About Thycotic

Thycotic is the leading provider of cloud-ready privilege management solutions. Thycotic's security tools empower over 10,000 organizations, from small businesses to the Fortune 500, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating dependency on overly complex security tools and prioritizing productivity, flexibility and control. Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia. For more information, please visit www.thycotic.com.

 

 

For further information, please contact:

 

Media Contact

Kirsten Scott/Kelly Friend/Barry Salmon

[email protected]

éclat Marketing

+44 1276 486000

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3474
PUBLISHED: 2019-02-20
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3475
PUBLISHED: 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-10030
PUBLISHED: 2019-02-20
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-10030
PUBLISHED: 2019-02-20
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2019-10030
PUBLISHED: 2019-02-20
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.