Surveys conducted by two cybersecurity firms reveal C-level overconfidence, uncertainty and inattentiveness in regards to network security and insider threats increases the potential for a breach at many organizations.

The Sunnyvale, Calif.-based cybersecurity analytics company RedSeal's study uncovered a high level of confusion regarding security issues in the network infrastructure. Nearly 60% of the 350 C-level executives surveyed believe they can truthfully assure the board beyond a reasonable doubt that their organization is secure.

However, upon closer examination, the RedSeal study highlighted that less than a third of all respondents (32%) claim they have full visibility into their global network. On top of that, 86% of the respondents acknowledge gaps in their ability to see and understand what's really happening inside the network.

At the same time, 79% admit they can't effectively secure what they can't see or understand. When asked if they "know for a fact that their network is currently under attack by hackers," 29% said yes.

"It's remarkable how many executives say their networks are secure – until we drill down into the issue, and it becomes obvious not only that there are vulnerabilities, but also that many organizations have no idea where those weak spots are," Ray Rothrock, chairman and CEO of RedSeal, said. "This is exactly why corporations get breached so often even though they've invested in excellent security products."

The CEO maintained that the entire organization needs to treat security as a strategic, top-level issue. "The network is the business," he said.

Lack of attention to insider attacks is also a concern for security experts.

"Insider threats, whether malicious or accidental, pose a very real security problem for organizations. And they're on the rise," Mike Tierney, chief technology officer for Vero Beach, Fla.-based behavior analysis software vendor SpectorSoft, warned. "While there may not be as many publicized insider attacks, the ones that we do know about tend to be very damaging."

According to a recent survey conducted jointly by the SANS Institute and SpectorSoft, 74% of organizations are aware that they face a growing and increasingly serious insider threat, but most of these organizations have gaping security holes when it comes to protecting themselves against attacks.

What makes insider threats particularly effective is that the insider is somebody that has already defeated all of the organization's perimeter security and access controls.

"The insider typically knows what's of value, where to find it and how to get it," Tierney said, adding, "More and more we are starting to see the C-Level suite starting to wake up to this threat."

Tierney recommended organizations focus on detection and response. According to the SANS Institute/SpectorSoft survey, it takes almost 48 days to detect an insider breach and more than 11 days to respond in the financial/banking industry.

One threat that bears examining is from departing employees. "A tremendous amount of data theft and ID theft occurs when somebody leaves an organization," Tierney said.

Surveys reveal that one out of two employees think it's OK to take company information when they leave, and 40% think it's OK to use it at their next organization.

To effectively combat this threat, enterprises are increasingly adopting and leveraging User Behavior Analytics.

"The ability to quantify normal user behavior and detect aberrations is critical for organizations to easily identify and apprehend insiders who exhibit suspicious actions or behaviors that don't fall within normal user parameters," Tierney said.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).