IBM CISO Study Warns of Uptick in Security Threats -- Redmondmag.com

The Schwartz Report

IBM CISO Study Warns of Uptick in Security Threats

A majority of some of the largest chief information security officers (CISOs) strongly believe that the sophistication of attackers is outstripping their own ability to fend them off and the number of threats has increased markedly. According to IBM's third annual CISO study, 59 percent are concerned about their inability to keep pace with 40 percent and say it's their top security challenge.

Moreover, 83 percent said external threats have increased over the past three years with 42 percent of them saying the increases were dramatic. IBM revealed results of its study at a gathering of CISOs held at its New York offices.

The survey also found CISOs have also found themselves more frequently questioned by the C-suite and corporate boards, while changes to the global regulatory landscape promise to further complicate efforts to step threats, where the vast majority are derived. Kristin Lovejoy, IBM's general manager of security services, said malware creation is a big business in unregulated countries, which are the origin of most attacks.

"Where we say we're worried about external attackers and we're worried about financial crime data theft, there's a correlation between people getting Internet access in unregulated, unlegislated countries where it's an economic means of getting out," Lovejoy said. "When you interview the criminals, they don't even know they're performing a crime -- they're just building code. We have to be careful here, this external attacker thing, it's not going to get any better, it's going to get worse."

Most are able to exploit the naivety of employees, she added, noting 80 to 90 percent of all security incidents were because of human error. "They're getting in because users are pretty dumb," she said. "They click on stuff all the time. It's going to continue." She added organizations that are most secure are those that have good IT hygiene, automation, configuration management, asset management, especially those that implement ITIL practices.

Posted by Jeffrey Schwartz on 11/05/2014 at 1:23 PM

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.