Ponemon Institute, in collaboration with the international law firm Kilpatrick Townsend, has just released its Second Annual Study on the Cybersecurity Risk to Knowledge Assets. This study focuses on how well organizations are “safeguarding confidential information critical to the development, performance and marketing of their core businesses”—such as R&D secrets, software source code, strategic plans, preliminary financial reports, customer lists and internal communications.
The survey of 634 IT security practitioners clearly illustrates both the staggering magnitude of this problem and the enormous level of risk that organizations currently face. 82% of respondents acknowledged that their companies very likely failed to detect a breach involving knowledge assets, and 65% are aware that one or more of their company’s knowledge assets are already in the hands of a competitor. Further, 61% are aware that nation-state attackers are targeting their company’s knowledge assets for purposes of economic espionage.
Among the assets deemed most valuable to attackers are private communications (emails, texts, social media posts), product information and presentations—yet these are the very assets that are most difficult to secure, with only 16% of respondents indicating their companies secured them effectively.
Why are companies failing to effectively protect knowledge assets? Lack of in-house expertise (73%, up from 67% last year), lack of clear leadership (55%) and insufficient staffing (47%, up from 38% last year) lead the short list of reasons.
What can organizations do to quickly and cost-effectively improve their IT security posture with respect to these highest-value information assets?
Virtual Security Services
Quick disclaimer – We try not to promote our services directly in our blog posts, but we are finding so many organizations just don’t know that PPS and other information security firms provide these services…
Virtual Security Organization (VSO) services, often referred to as vCISO, specifically target these critical issues:
- Lack of in-house expertise.
Bring on-demand expertise in-house as you need it—from network and application security to governance, risk and compliance (GRC) support to security awareness education. Your security team now includes a dozen+ subject matter experts.
- Lack of clear leadership.
Our VSO services can include the leadership of a virtual Chief Information Security Officer (vCISO). Many organizations don’t need a full-time CISO on staff. But they can still benefit greatly from “C-level” security skills and experience to guide their InfoSec programs and priorities. A vCISO can provide the oversight and direction a business needs to succeed with critical initiatives at a fraction of the cost of a full-time CISO.
- Insufficient staffing.
Businesses of all sizes are feeling the pain of the information security talent shortage. Pulling in the staff you need on-demand or running your InfoSec program as a fully managed service are both viable and cost-effective alternatives to bridge staffing gaps while getting maximum value from security expenditures.
If you have questions, or would like more information about how Pivot Point Security’s VSO services can complement your existing information security program to fill key roles and reduce risk, please contact us.
We also invite you to download our free vCISO infographic, which describes the security roles every organization needs to address. Our free vCISO roadmap is also available for those considering hiring a new vCISO.