Only 17 percent of security professionals are confident in US government’s cybersecurity posture, says Tripwire survey
Tripwire, Inc., based in Portland, OR, announced on March 6 the results of a survey of more than 200 security professionals attending RSA Conference 2017. Conducted at Tripwire’s booth, the survey gauged respondents’ concerns for their own organizations and found there are rising concerns for cybersecurity in general.
When asked if they were confident in the U.S. government’s ability to protect itself from cyber-attacks in 2017, only 17 percent of respondents said ‘yes.’ In addition, 80 percent of respondents said they were more concerned about cybersecurity this year than in 2016.
Cybersecurity issues plagued the US presidential elections at the end of last year, with reports on the DNC being hacked and various government officials raising concerns about their own cybersecurity practices. Nation-state hacking has also risen to the top of the agenda, with a call for a ‘Digital Geneva Convention’ to tackle the problem.
“People and organizations alike look to the government to set an example and lead the way on all sorts of issues, including cybersecurity. What the results of this survey show is that seasoned cybersecurity professionals are not confident in the government’s current cybersecurity strategy, and these worries can trickle down to the list of concerns for an enterprise,” said David Meltzer, chief technology officer at Tripwire. “While organizations look for their fears to be resolved over the next year, they will also need to increasingly work with security vendors to be reassured that they are taking the right security approach.”
Revealing their top concerns for their own organizations, 60 percent of respondents said they were confident in their own organizations’ abilities to enforce foundational security controls. When asked “what would you be most concerned about if your organization lacked a robust security program,” they said intellectual property theft (59 percent), followed by brand reputation (54 percent) and financial loss (53 percent). Nearly half (48 percent) of respondents said the lack of skilled people would most likely be the cause of security failures at their organizations, followed by inadequate processes (30 percent).
Meltzer continued: “With high profile data breaches hitting companies’ bottom lines, it’s no surprise that financial loss is high up on the list of security professionals’ concerns. It’s encouraging to see that people recognize that bad security affects a company’s brand reputation, as it means people care more about their security,” Meltzer added. “However, the looming skills shortage that’s already been identified as a pain point is worrisome. Companies need to look for technology that can increase automation in security and reduce the manual effort required of their employees.”