Glasswall Solution’s latest research report ‘Keeping the Enterprise Secure: A Tangled Web of Contradictions,’ reveals the increasing and opposing forces security leaders face while protecting their organisations.
The report showcases how leaders struggle to find the balance between risk and cost, minor disruption and catastrophe, and keeping pace with the demands of business while keeping their organisations safe.
Glasswall's survey of senior-level executives across the US (70% of respondents) and the UK (30% of respondents) reveals how even the best security strategies still have inherent risks.
The research highlights how complexity is entangling security professionals into a web of contradictions that impact multiple facets of security management’s finite budget but endlessly growing need.
Highly interdependent but vulnerable value chains, reliance on old standby tools like antivirus that have limited effectiveness, and employees' business expectations that can also lead to risky behaviours.
These incongruities present security leadership with a mesh of continually competing interests, opportunities and tensions from across the business.
71% of respondents saw third-party risks from partner and supply chain interactions as a high concern.
Concerns about email risks from partners top the list of potential vulnerabilities – that includes both email with attached documents and email that may include dangerous links.
Glasswall Insight: Supply chains for global businesses are growing exponentially, yet third party vulnerabilities are also rapidly increasing.
Organisations often have to rely on the security of those that are unreliable, and while many global firms have some visibility into the defences their partners have in place, they often have limited influence on the risk decisions made by those third parties.
More than 40% of respondents recognise that employees remain susceptible to phishing attacks and engage in risky behaviours. At the same time, 40% are completely reliant on employees as their last line of defence.
According to the findings, access to unlocked devices, poor password protection and the use of personal devices are cited as the most worrisome employee behaviours.
Glasswall Insight: While this illustrates a clear paradox in security teams' quest to secure the enterprise, it also reaffirms that employees are a critical component to the security strategy and its incumbent upon organisations to implement effective and thorough security training across their workforce.
82% of respondents still see the network perimeter as the domain where they most need to keep investing in security. That includes the 57% who will continue to invest in perimeter defence along with post-breach detection.
Glasswall Insight: Despite the proliferation of cloud, the perimeter hasn't disappeared; it has just expanded and remains the most vulnerable access point in need of protection.
Only 9% of respondents expressed complete confidence in their antivirus solutions. And yet, despite the low confidence expressed, 96% said they continue to invest in antivirus product.
Glasswall Insight: This prevalent technology is increasingly viewed as inadequate to serve its intended purpose. However, as industry has yet to introduce a broadly accepted, game-changing alternative to AV, organisations continue to invest in it and view it as a commodity, value-based checkbox product – knowing it's under par.
"Our research validates an industry issue that has been discussed for a long time behind closed doors – those in charge of security are caught in a web of contradictions, a repetitive cycle of codependence of weakest links and strongest assets," said Greg Sim, CEO, Glasswall Solutions.
"After hearing from top security leaders, it's clear the security industry needs to have an honest discussion about what's not working, and collectively reset the security standard to which all organisations must align."