Disconnect between executives and technicians

Ponemon report reveals an increase in advanced malware and zero-day attacks on UK businesses in the last 12 months.

  • Wednesday, 19th June 2013 Posted 11 years ago in by Phil Alsop

FireEye, Inc. has announced the results of a survey which examines the existence of gaps in understanding among IT decision makers and assesses the rate at which advanced and zero-day attacks against businesses are growing. Drawing on data gathered from a total of 3,037 individuals – 1,944 technicians and 1,093 executives – in the United States, Canada, United Kingdom, Australia, Germany France and Japan, the Ponemon Institute survey revealed a clear disconnect between these groups within UK enterprises.


The UK findings revealed a clear difference between the confidence of executive teams when it comes to their business’s cyber defence strategy, compared with the views of the technicians tasked with maintaining it – as 32 percent of executives and 18 percent of technicians described their organisation’s cyber security posture as excellent. The Ponemon report also found that 23 percent of executives, compared with just 3 percent of technicians, felt their organisation’s cyber security strategy was not aligned with its overall business objectives. This discrepancy suggests that technicians are clearly failing to frame their needs in language which is understood by IT decision makers – something which is leading to a culture of miscommunication, and is preventing many organisations from developing a robust cyber defence strategy.


“Low awareness of current risks and lack of communication are evidently rife in UK organisations,” said Greg Day, CTO of EMEA at FireEye. “This is particularly concerning as it impacts the ability to make smart investments – without which effective defences against advanced, targeted attacks cannot be built. Worryingly, it is these types of attacks that typically have highest impact on businesses.”


Another concern highlighted by the study is the fact that 41 percent of executives and 46 percent of technicians reported an increase in advanced malware and zero-day attacks on their business in the past year, with 69 percent of executives and 76 percent of technicians also indicating that their organisation had suffered a data breach in this period. Yet despite this, 45 percent of executives and 44 percent of technicians reported that insufficient resources present an obstacle to obtaining an optimal cyber defence infrastructure and strategy. 46 percent of executives and 49 percent of technicians also felt a lack of collaboration with other functions was hindering their IT security posture. This indicates that despite the vast sums of money spent globally by enterprises to mitigate the risk to businesses, organisations are still under resourced and inadequately equipped to combat the mounting threat facing them.


“The upshot of this report is that the level of investment in cyber defences is simply not aligned with the escalating threat level in the UK,” Day continued. “The striking disconnect between executives and technicians suggests that businesses are ill-equipped and unprepared, despite the fact that targeted and sophisticated attacks are skyrocketing. The fact remains that organisations with Intellectual Property and other sensitive data within their networks are a lucrative target for hackers, and with the stakes higher than ever, enterprise teams must unite and make sure that they are all on the same page, in order to reduce the overall risk.”


Unsurprisingly, the survey also revealed the limitations of traditional security defences as reported by practitioners, with 43 percent reporting that the security technologies currently in use by their organisation do not detect and block modern day attacks This is compared with just 23 percent of executives who seem to invest significantly more confidence in these tools. A large proportion of respondents also cited manual inspection as a primary method of tracking the source of attacks and malware infections, indicating that traditional, labour intensive security is still widespread, despite the changing nature of the threat.