Pros Feel Aligned with Board, Still Fear a Phish

After years of requesting a seat at the table, cybersecurity professionals are starting to feel that they see eye to eye with their stakeholders, according to a new report.

The AT&T cybersecurity report surveyed 733 security experts at the RSA 2019 conference and found that the vast majority of respondents feel mostly or somewhat in sync with their executive boards when it comes to cybersecurity.

However, the report noted, “When splitting the results out by company size, a slightly different picture emerges. While the bell curve remains consistent, we see that larger enterprises appear to have a far better alignment with their stakeholders than small or medium businesses (SMBs).”

In fact, while 26% of large enterprises said they were completely aligned with their stakeholders, only 18% of SMBs stated that they were completely on the same page.

“On the other side of the spectrum 10% of SMBs felt they were not at all in alignment with their stakeholders compared to just under 7% of large enterprises,” the report said.

The results were not entirely unexpected, given that large enterprises typically have a greater pool of resources to establish more robust security governance policies. In addition, SMBs usually have fewer stakeholders, and those stakeholders aren’t able to devote time to governance because they are more focused on hitting targets, the report said.

When asked about the top threats that concerned them, nearly a third (29%) of respondents cited phishing as their greatest worry. “Phishing comes in different guises for different purposes. Sometimes phishing emails are used to deliver a malicious payload. Other times it’s to social engineer the recipient by gaining their trust or scaring them by posing as an authority to get them to make payments – as we often see in business email compromise (BEC) attacks,” the report said.

“Ultimately, this likely boils down to the fact that for most cyber threats, a technology solution is usually available to ward off attacks, but with phishing, most systems rely heavily on the email recipient being able to detect and respond appropriately.”

Source: Information Security Magazine