Cybersecurity

Execs think their networks are safe (they’re not)

Shutterstock image: examining a line of code.

CEOs, CIOs and CISOs seem to have a false sense of security.

In a survey of roughly 350 C-level leaders at private and public organizations across multiple industries, cybersecurity analytics firm RedSeal discovered an unnerving level of confidence among executives.

More than half – 60 percent – of the survey respondents agreed with the statement, “I can truthfully assure our Board, beyond any reasonable doubt, that our organization is secure.” (The 14 government executives surveyed were split 50-50 on the question.)

Yet, as RedSeal noted, in this day and age virtually every organization has been breached, with some estimates putting the figure as high as 97 percent. (Consider, too, cloud security firm Skyhigh Networks’ recent estimate that more than 96 percent of public sector organizations have users with compromised identities.)

“It’s remarkable how many executives say their networks are secure—until we drill down into the issue, and it becomes obvious not only that there are vulnerabilities, but also that many organizations have no idea where those weak spots are,” said RedSeal CEO Ray Rothrock. “This is exactly why corporations get breached so often, even though they’ve invested in excellent security products.”

The Office of Personnel Management breach, in which more than 4 million personnel files were exposed to hackers, may be one example of the disconnect between what executives think and what’s actually going on. OPM’s systems were hacked all the way back in December 2014, but the breach wasn’t detected by the Homeland Security Department’s Einstein system until April.

While not a hack per se, the IRS’s troubles with its “Get Transcript” application offer another recent example of a problematic security mindset: The agency didn’t fully realize fraudulent pull requests were pouring in until legitimate requests tapered off at the end of tax filing season.

Other key points from RedSeal’s survey:

  • Only 29 percent of respondents said they “know for a fact that their network is currently under attack by hackers.”
  • Only 32 percent of respondents said they have complete visibility into their network worldwide.
  • Every single one of the government respondents agreed with the statement, “If I could clearly understand all the possible ways attackers can get in and out of my network -- with clear, simple instructions about what should be fixed - first, second, third etc. -- that, to me, would be a strategic security solution and critical capability.”

RedSeal published an infographic breaking down the survey’s findings here.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.