Organizations prioritize strategic security programs, but lack fundamentals
2021-09-21 04:00

Organizations are prioritizing strategic security programs but missing the foundational capabilities they need to make meaningful changes to their security posture, a ReliaQuest and Ponemon Research survey reveals.

"While it's positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like zero trust - which can be a multi-year journey - it's important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren't sexy, but they are the building blocks of a resilient security program."

Sankar added: "As organizations seek to digitally transform their business and adapt to hybrid work, it's critical that security teams are not only aligned on goals, but also have the proper resources to drive resilient security operations, setting the enterprise up for long-term success."

Security teams are not aligned on their security programs or metrics

The primary obstacle to implementing an IT security risk management program is a lack of standardized metrics to measure progress, followed by the lack of a risk management strategy and decision-making structure.

58% of respondents say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to attacks, but only 31% consider developing a risk-reduction program a top security priority.

Security teams are inhibited by process and operational inefficiencies

31% of respondents report their security staff spends at least 3 hours a day manually administering and managing tools.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/-Vm1tMoXo0I/