Is your company’s cybersecurity keeping you up at night?
If you're an IT professional, the answer to that question is probably yes. If you're an IT executive, the answer to that question might be no – even if you work at the same company.
What we're seeing, says Jack Danahy, co-founder of Barkly, a Boston-based endpoint security startup company, "is a breakdown in communication."
That's what Barkly found in its "Cybersecurity Confidence Report." In it, Barkly surveyed 350 IT professionals and found that 50 percent are not confident in their current security products or solutions.
However, the story is different at the executive level: Nearly 70 percent of IT executives said they have confidence in their current security solution. There's a disconnect in measuring return on investment, too: About 70 percent of IT executives said they're confident that it can be determined, while less than 50 percent of IT pros said the same thing.
Danahy says that one reason IT professionals are so worried about their security is because bad stuff keeps happening. One third of respondents didn't know how many had happened at their companies in the last year. Of those who could quantify it, the average was 2.7.
For the IT professional, 2.7 is 2.7 too many. For the IT executive? They perceive that number as something different.
"The exec says that's awesome. From the perspective of the IT professional, it's 'Oh my goodness look at all these attacks I have to worry about,'" Danahy says. They're more worried about attacks because they're "a little bit closer to the threat."
"IT professionals tend to manage individual system components," says Steve Bell, security expert at BullGuard, an Internet and mobile security software company. "They know how everything fits together and the vulnerabilities." They have a "microview," which can lead them to be less confident because they see flaws and how some security solutions slow down business – and they see them on a daily basis.
IT executives, however, often have a "false sense of security" because of a blind faith in technologies like firewalls and intrusion detection systems. "It's almost as if a list of required products has been ticked off and that's it, end of matter."
That false sense of security can leave IT executives not only disconnected from the reality of their security situations, but also with a blind spot about which threats are really going on. According to a recent study by Proofpoint, phishing via social engineering – which exploits weaknesses in people, not security – is becoming, once again, one of the most common techniques cybercriminals use to break into a company's system.