DomainTools, the leader in domain name and DNS research, released its first annual BSides survey revealing that 35 percent of security experts believe leadership within their organization lacks a “healthy paranoia,” with 21 percent of leadership “relying on hope as a strategy” to avoid a cyber security breach. Conducted live during the week of Black Hat, the findings indicate that nearly half of those polled worry that the DNA of their organization is not security-driven, citing a “lack of situational awareness” within the company. Not surprisingly, the number one complaint was that the leadership team was making decisions without involving the security team – those closest to the risk.
The DomainTools survey validated that budgets are not keeping pace with the acceleration of cyberthreats, with nearly half (47 percent) of respondents stating their budgets were inadequate for the task at hand and two-thirds of the remaining group stating a desire for more funding above the current “acceptable” levels. These findings mirror a recent PwC 2015 Global State of Information Security Report, which indicated that although cyber security incidents have increased by 66 percent year-over-year since 2009 and are costing 34 percent more in financial loss since 2013, security budgets have declined 4 percent.
Other key findings of the survey include:
- 40 percent believe infrastructure and tools are an overlooked priority at their company.
- 58 percent of security experts cited a lack of security-focused education within the organization as a top concern.
- Nearly one third of security executives are concerned that leadership views security as an “IT problem”, reinforcing a siloed mentality.
- 40 percent of security executives believe leadership is starving the security team of resources due in part to the unwillingness to understand how key security initiatives can be used to mitigate potential breaches.
“Despite the general increased awareness about security breaches within the public domain, we were surprised that nearly half of security executives felt their organization lacked a security-centric DNA,” said Tim Chen, CEO of DomainTools. “As we have seen with great clarity over the last 12-24 months, safety of a company’s employees, customers and brand all run through the security organization whether a CEO prefers that or not.”
The DomainTools survey was conducted live at the BSides Las Vegas conference during Black Hat and is comprised of over 50 interviews from top security executives at Fortune 1000 companies across all major industry groups.
About DomainTools®
DomainTools is the leader in domain name and DNS-based cyber threat intelligence. With over 14 years of ‘cyber fingerprint’ data across the global Internet, DomainTools helps companies assess security threats, profile attackers, investigate online fraud and crimes, and map cyber activity in order to stop attacks. Fortune 1000 companies, global government agencies, and many security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.