20% of IT professionals have witnessed a security breach cover-up

Javvad Malik, Security Advocate at AlienVault, says results show a need for far greater support for employees and businesses when they fall victim to cyber attacks.

  • 9 years ago Posted in

Research conducted by AlienVault has shown that 20% of IT security professionals have witnessed a breach being hidden or covered up. The survey also found that in the event of a breach, only 25% of professionals would see the best course of action as telling the regulator and paying the fine.


“Information security is still a comparatively immature industry,” argues Javvad Malik, security advocate for AlienVault. He fears that the rapid growth of the industry in such a short timeframe has forced security professionals to “make up the play book as they go along, evidenced by inconsistent disclosure practices as well as the ever-changing and complex legal path to navigate.”


The survey’s findings that 20% of IT security professionals have witnessed or been part of a breach being hidden is the prime indicator of the strain placed upon the industry. Malik attributes this to the competitive nature of the technology world, saying “the time and effort it could take to recover from a breach can be significant. Particularly where sensitive data is involved.”


The survey also showed that 66% of those surveyed view a breach as an opportunity to increase the funding for their security departments. According to Malik, this shows that “despite the raised profile of security, it still takes an incident to obtain budgets and raise security.”


Statistics like these are what Malik uses to argue for a much greater support base for IT security professionals, through training and networking, saying “most organisations are coming round to the belief that along a long enough time scale, a security incident or exposure in their product is inevitable.”


When asked if they need to resort to hacker forums and working with black hats to keep abreast of the latest threats and technologies – something that isn’t always legal - over half replied yes. Malik says “support from within the security industry on emerging threat and attacks isn’t sufficient or freely available to professionals liking to access information in a timely manner.”


It is also worth the consideration that it is a case of ‘know your enemy’, and Malik has strong anecdotal evidence of many in the industry believing this is the case.
It is these kinds of attitudes which Malik says needs to be remedied, or he fears “security professionals will find themselves under more pressure to cut corners and bend rules in order to keep the show on the road.” He suggests the culture of the industry should change to one that “accepts, fixes and moves along when they [breaches] do occur.”

On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.
Commvault provides cloud-first organisations with greater choice and flexibility to protect and...