14 DAY TRIAL // Security drills aren't sexy, but they're efficient, or at least that's the conclusion we came to when going over a recent survey released by Lieberman Software.
While there are countless of organizations releasing studies, whitepapers, and surveys almost every single day of the week, Lieberman's survey is of interest to us because it compiled the answers from 2015 attendees at this year's Black Hat USA security conference that took place in Las Vegas this August.
Top industry professionals took time out of their schedule to answer a few questions, and as Lieberman compiled the answers, some worrisome conclusions came out of the final results.
The two most important facts that came out of the study show that while 92% of IT and infosec professionals think that cyber-security drills are useful in preparing companies for cyber attacks, only two out of three of those respondents (62-63%) work in companies that run such exercises.
As always, senior management ruins any kind of security measures
Asked why not, 44% have said that their IT (or security) department does not have a spot on the company's board to influence decisions, the department suffers from budget cuts, and their management personnel simply does not understand the severity of a security breach at all.
According to the same survey, Lieberman also found out that 64% of infosec professionals cannot immediately identify a breach of their system, not even in a month after the incident took place. On the opposite end of the spectrum, only 3% of respondents felt secure enough to claim that they can immediately tell when they are being attacked.
Furthermore, 84% of survey takers said that they consider unmanaged privileged credentials as the biggest source of cyber-security problems, 81% anticipating an attack in the near future and also admitting that, despite their worries, they are still incapable of convincing senior management to take precautionary measures.