How to
Jonathan Crowe
Mar 2016

3 Cybersecurity Confidence Killers (and What to Do About Them)

Photo by Source

security_confidence_killers.jpg

Security is anything but an easy gig. It's a lot of work that goes into trying to make sure bad things don't happen, even though just about everyone agrees it's inevitable that they will

It's also often thankless. If you own security at your company your biggest win is keeping the business running as usual. The last thing you want is to find yourself in the spotlight, because that almost always means something went wrong. 

Under those kinds of conditions, no one could really blame an IT pro or executive for not feeling especially confident about security, but according to our recent survey, they're actually resiliently optimistic.

Four out of five IT pros said they still feel confident their organization can achieve an effective security posture.


In fact, any lack of confidence they have can generally be attributed to just three primary pain points:

  • user error
  • inability to measure security ROI
  • current security solutions coming up short

With that in mind, perhaps the biggest thing executive leadership teams can do to empower their IT/security teams is to provide them with budget and support to tackle these specific problem areas. Let's look at each one in more detail:  

1) User error

Only one in four of the IT pros we surveyed expressed confidence in their coworkers' cybersecurity awareness.

Confidence_in_employee_security_awareness.png

Nothing takes the wind out of your sails like seeing all the defenses you put in place bypassed because a user disabled antivirus or clicked on something they really shouldn't have. 

Rash or uninformed user decisions are always going to be a specter hanging over your security efforts. Investing in security awareness training should be at the top of the priority list, but in addition, executives should understand and expect IT pros will need to take additional measures (installing endpoint protection and backup solutions, managing user access permissions, etc.) to reduce the impact inevitable user mistakes will have.  

2) Inability to measure security ROI

The majority of IT pros don't feel confident they can demonstrate the true value of their security efforts. 

Confidence_in_security_ROI.png

When your primary goal is to reduce potential risk, having to pin a specific dollar value on all the work you've been doing (or would like to do) can be frustratingly difficult. It's crucial for executive leadership to take the time to sit down with IT/security pros and make sure everyone is on the same page in terms of priorities, goals, and metrics for measuring the impact of initiatives. Otherwise, you're flying blind and you run a very real risk of damaging and costly misalignment. 

For more tips on making sure you're tracking the right security metrics, see our post "Cybersecurity Has a Metrics Problem."   

3) Current security solutions coming up short 

Only half of the IT pros we surveyed are confident their current security products or solutions will actually protect them from an attack. 

confidence_in_current_security_solution.png

Despite widespread increases in IT security spending, security software still regularly fails to live up to expectations. Many of our survey respondents complained solutions slow down their systems, cost too much, require too many updates, and take up too much time and resources to manage.

Perhaps the most damning complaint, however, was that security solutions are failing to keep companies protected. On average, survey respondents suffered 2.7 breaches last year alone.

Helping IT and security pros get access to the best solutions that fit their individual needs will make them feel better equipped to meet security challenges head-on. 

Confidence benchmarks

To see all the responses and data from our survey download our 2016 Cybersecurity Confidence Report.  

It's full of honest insight into how IT pros really feel about their top security needs, priorities, and concerns, including:

  • The real reason they worry about data breaches (hint: it's not downtime) 
  • The #1 thing most executives want in a security product
  • The first change IT pros would make to their security programs if they were calling the shots


Photo by: Ryan McGuire  

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.

lock-white.png

Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo

Comments

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.