Why Security Execs Lack Confidence in Security- Valutrics

A majority of IT security executives are only somewhat confident in their enterprise’s security, according to a new survey. One-third of respondents are confident in their security posture and one-quarter said they communicate effectively about security metrics and posture to senior management. These executives continue to rely mainly on quantitative metrics aimed at preventing breaches. “With security spending continuing to skyrocket, it’s more important than ever to be able to report on metrics that matter, not just quantitative metrics like counting breaches,” said Ed Hammersla, president, Forcepoint. “To be more confident, we need to shift our thinking to metrics such as dwell time, or reducing the time the threat is in our network, which reduces damage and helps strengthen our overall security posture.” The main take away: intruders can do more damage the longer they poke around and move laterally within a network. If an organization limits the time a threat exists, it will minimize damage. The study “Why Executives Lack Security Posture of Confidence” included 100 responses from American IT security executives.