You are here: Home > News > Article
Home
Business & Finance
News
U.S.
Politics
International
Technology
Entertainment
Sports
Lifestyle
Oddly Enough
Health
Science
Special Coverage
Video
Pictures
Your View
The Great Debate
Blogs
Weather
Reader Feedback
Do More With Reuters
RSSRSS Feed
Widgets
Mobile
Podcasts
Newsletters
Your View
Partner Services
CareerBuilder
Affiliate Network
Professional Products
Support (Customer Zone)
Reuters Media
Financial Products
About Thomson Reuters

NetWitness and MIS Training Institute Release Results of CISO Information Security...

Tue Jun 23, 2009 8:02am EDT
 
[-] Text [+] 
NetWitness and MIS Training Institute Release Results of CISO Information
Security Survey

Concerned About Data Breaches, CISOs Continue to Rely Primarily Upon
Traditional Approaches in Spite of Emerging Threats

HERNDON, Va., June 23 /PRNewswire/ -- NetWitness Corporation, the provider of
the award-winning NextGen network security solution, and MIS Training
Institute, the international leader in audit and information security
training, today released the results of an information data loss survey
conducted at the 6th Annual CISO Executive Summit in Lisbon, Portugal this
month.  The survey interviewed CISOs, CSOs, and information risk managers from
over 20 countries in an attempt to identify the investment and management
challenges, priorities, and decisions faced by information security leaders
today.

Some highlights of the survey results include:
    --  97 percent of the respondents are "very concerned" or
        "concerned" about data breaches and information theft, while
        three percent are not worried because they believe their network is
        already secure.
    --  There was an overwhelming consensus - 80 percent - among CISOs that
        insiders, including employees and contractors, are the greatest human
        threat to data.  Only 18 percent reported concern over the threats
        coming from external sources such as cyber criminals and
        nation-sponsored attacks such as corporate espionage.
    --  One in 10 CISOs reported they are not planning on spending anything on
        security this year and are trying to just survive with their existing
        technology investments.
    --  26 percent view governance, risk and compliance (GRC) verification as
        the primary business driver for security spending in the next 12
months.
    --  One-third of respondents believe firewalls alone provide adequate
        protection against data leaks.  A quarter of CISOs reported they do
not
        have the correct data leakage protection technology or just do not
know
        what they should have.



"We decided to conduct this survey with NetWitness as a precursor to the CISO
Summit to better understand the thinking of top security executives, the
challenges they believe are most critical, and the technologies and budget
levels they currently have in place," said Sara Hook, Conference Director for
EMEA at MIS Training Institute.  "Obviously, some of the results were not that
surprising, for example, data breaches and insider threats continue to be
historical security concerns for CISOs.  What is really alarming, however, is
the misperception that traditional security approaches alone can protect
against information leaks, and that some CISOs were not sure what they need
for data protection or were not planning to focus any money in that area this
year."

In addition, the survey revealed that nearly 80 percent of CISOs surveyed do
not view growing threats from state-sponsored and organized criminal groups as
potentially harmful to their data.  This opinion stands in sharp contrast to
numerous press reports describing external data breaches across all sectors
indicating that financial and material losses from cyber crime are on the rise
and those criminals are stealing sensitive information and selling this
competitive intelligence for profit.

"Most of us have excelled at preparing for the static cyber threat environment
we studied when we took our CISSP exam in 1995 or 2000," said NetWitness CSO
Eddie Schwartz.  "In a world of well-funded and organized external adversaries
and tech-savvy insiders, however, it can be dangerous and costly to rely
solely upon traditional security concepts such as defense-in-depth and
signature-based technologies.  To be successful in 2009 and beyond, CISOs must
invest in the type of fluid cyber intelligence that can only be obtained
through continuous augmented awareness of the true content and context of all
network communications across the enterprise.  NetWitness NextGen provides a
powerful solution for achieving this objective within any size enterprise."

NetWitness and MIS Training Institute derived this data from online interviews
with over 60 information security professionals during the month of June. 
NetWitness plans to continue surveying CISOs at upcoming events during the
remainder of 2009.  For additional information regarding this survey, please
contact: marketing@netwitness.com.

About MIS Training Institute 
Founded in 1978, MIS Training is the international leader in audit and
information security training, with offices in the UK, USA and Asia. MIS'
expertise draws on experience gained in training more than 200,000 delegates
across five continents. MIS presents training seminars and conferences in the
areas of internal and IT audit; information security; networks; e-commerce
applications; Sarbanes Oxley; operating platforms; and enterprise
applications; SAP. MIS Training is a subsidiary of Euromoney Institutional
Investor. Please visit www.mistieurope.comfor more details.

About NetWitness Corporation
NetWitness Corporation provides patented and award winning, next generation
security solutions that help government and private organizations discover,
prioritize and remediate complex IT risks.  Users of NetWitness NextGen and
InSight solutions concurrently solve a wide variety of information security
problems including: advanced persistent threat management; sensitive data
discovery and advanced data leakage detection; malware activity discovery;
insider threat management; policy and controls verification and e-discovery. 
Originally developed for the US Intelligence Community, NetWitness has evolved
to provide enterprises around the world with breakthrough methods of network
content analysis and host-based risk discovery and prioritization.  NetWitness
customers include Defense, National Law Enforcement and Intelligence Agencies,
Top US and European Banks, Critical Infrastructure, and Global 1000
organizations. NetWitness has offices in the U.S. and the U.K. and partners
throughout North and South America Europe, the Middle East, and Asia.  For
more information and to download a copy of the freeware version of our
software visit:  http://www.netwitness.com.

To download the freeware version of NetWitness Investigator, visit
http://download.netwitness.com.    For more information about securing your
entire organization with NetWitness NextGen, contact: sales@netwitness.com. 
Twitter handle: NetWitness 


SOURCE  NetWitness Corporation

Steve Ward of NetWitness Corporation, +1-703-466-0278, pr@netwitness.com

 

Featured Broker sponsored link

Editor's Choice

U.S. President Barack Obama is greeted by Japanese Emperor Akihito and Empress Michiko upon arrival at the Imperial Palace in Tokyo November 14, 2009. REUTERS/Jim YoungSlideshowSlideshow 

A selection of our best photos from the past 24 hours.   Slideshow 

Most Popular on Reuters

  • Articles
  • Video