Maybe it’s not surprising that security professionals consider a cyberattack a bigger threat to the United States than another terrorist assault. Then again, maybe it should be, considering that they seem to feel they are doing very well in their jobs of preventing such attacks.
Whether you find it puzzling or business as usual, that was one of the findings when surveyors posed a range of security-related questions to 250 attendees at March’s GovSec Conference. After cyberattacks and terrorist activity, next most-worrisome were insider threats and information security breaches, according to the poll taken at the gathering for government and industry leaders in safety, security, and law enforcement community in Washington, D.C.
But not to worry -- at least if your chief of security was in Washington on March 23 and March 24. While they felt the country as a whole was threatened most by cyberattacks, nearly 65 percent of the respondents felt their organizations were monitoring security very well or perfectly. Just 6 percent said they either did not monitor security very well or did so very poorly.
Respondents were split on how well their organizations responded to risk. About 40 percent felt they responded to risk perfectly or very well. About the same number indicated an inconsistent risk response.
When it came to their individual organizations’ most important business imperatives, cybersecurity was ranked highest at 84 percent. Next came physical security and infrastructure protection, at 74 percent. Risk management planning came in at 73 percent.
A similar number of respondents said their organizations were focusing at least to some extent on integrating or converging physical security and IT security. About 65 percent said that sort of convergence was their focus, and another 20 percent were somewhat focused in that direction.
The organizations that were interested in integrating physical and IT security were more likely to score well on self-assessments of security monitoring and response to risk. Nearly 77 percent of those who said they monitor perfectly were also pursuing convergence. And 80 percent of the ones who claimed perfect risk response were also focused on integration.
When asked how many vendors they worked with on installation, maintenance, and monitoring of security infrastructure, the largest group -- 36 percent -- said they used multiple vendors. Only 16 percent said they relied on a single vendor to do all the work. Even fewer – 10 percent -- used a primary vendor and farmed out some work to subcontractors.
The most consistent finding of all was this: Everyone -- 100 percent -- who said their organization responds to risk very poorly also said that risk management was not integrated with new and changing initiatives. On the other hand, 42 percent of those who said their organizations respond to risk perfectly or very well also did very well at integrating new and changing initiatives with security activities.
One reading of the resulting bottom line is that security professionals think their work is very important. They also feel they are usually doing it quite well. And finally, it’s extremely important that they be left alone to do it.
Only registered users can write comments. Please login or register.