NTT Security recently published its Risk:Value 2019 report. It is the most extensive survey the company has conducted and, importantly, it focused on users not on the IT department. The goal was to get a business view on cyber security. The report certainly achieved its aim and shows that there is a significant disconnect between users and IT when it comes to cyber security.
To understand more about that disconnect, Enterprise Times talked with Garry Sidaway, Senior Vice President, Security Strategy at NTT Security, and Richard Thurston, Market Insights Manager at NTT Security. Sidaway made the point that: “there’s a great level of awareness, but actually, the implementation and the ownership within a business is seen as an IT problem, but not seen as everybody’s problem.” Given how much technology pervades everyone’s life and the constant threat from cyber criminals, that “someone else’s problem” attitude is a serious concern.
Thurston, who has analysed the data points out that: “the security department isn’t always responsible for security in all businesses we spoke to.” It seems that even when organisations have a CISO, responsibility can sit with the CEO not the CISO.
This lack of engagement between the two sides of the business also affects the way policies and even incident response happens. Sidaway commented: “From our report and the index, nearly half don’t actually have a security policy in the first place. Somewhere to start is resolving that problem.” This was something that NTT Security has asked in previous Risk:Value reports. Thurston pointed out: “This is really concerning and it’s only increased by one percentage point in a year.”
To hear more of what Sidaway and Thurston had to say listen to the podcast.
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there