DCL Connecting talent
  • Virgin
  • SingTel
  • Tata
  • Nebulas
  • CNS
  • Secure Data
  • Telstra Global
  • Telecity
  • KCOM
Comments Off on New Global Cybersecurity Report Reveals Misaligned Incentives, Executive Overconfidence Create Advantages For Attacker

New Global Cybersecurity Report Reveals Misaligned Incentives, Executive Overconfidence Create Advantages For Attacker

Posted by Admin | March 3, 2017 | IT Security

Intel Security, in partnership with the Centre for Strategic and International Studies (CSIS), today released “Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity,” a global report and survey revealing three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles. The report highlights ways organisations can learn from cybercriminals to correct these misalignments.

Based on interviews and a global survey of 800 cybersecurity professionals from five industry sectors, the report outlines how cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace. Defenders on the other hand, often operate in bureaucratic hierarchies, making them hard-pressed to keep up.

Additional misalignments occur within defenders’ organisations. For instance, while more than 90 percent of organisations report having a cybersecurity strategy, less than half have fully implemented them. What’s more, 83 percent said their organisations have been affected by cybersecurity breaches, indicating a disconnect between strategy and implementation.

And while cybercriminals have a direct incentive for their work, the survey not only shows that are there few incentives for cybersecurity professionals, but that executives were much more confident than operational staff about the effectiveness of the existing incentives. For example, 42 percent of cybersecurity implementers reported that no incentives exist, compared to only 18 percent of decision makers and 8 percent of leaders.

“The cybercriminal market is primed for success by its very structure, which rapidly rewards innovation and promotes sharing of the best tools,” said Candace Worley, vice president of enterprise solutions for Intel Security. “For IT and cyber professionals in government and business to compete with attackers, they need to be as nimble and agile as the criminals they seek to apprehend, and provide incentives that IT staff value.”

“It’s easy to come up with a strategy, but execution is tough,” says Denise Zheng, director and senior fellow, technology policy program at CSIS. “How governments and companies address their misaligned incentives will dictate the effectiveness of their cybersecurity programs. It’s not a matter of ‘what’ needs to be done, but rather determining ‘why’ it’s not getting done, and ‘how’ to do it better.”

Source: informationsecuritybuzz

185 total views, 1 today