NetWitness - Total Network Knowledge™


Products NextGen Overview Infrastructure Products Decoder Concentrator Broker Applications Informer Investigator SIEMLink API/SDK Tech-in-Depth Live Freeware Solutions Overview By Challenge Incident Response Data Leakage Data Governance By Industry Financial Services Government Law Enforcement Protection of Customer Data Resources Overview Webcasts Press Releases In the News Events Partners Overview Company Management Team Board of Directors Careers Contact Us

June 23, 2009 | NetWitness and MIS Training Institute Release Results of CISO Information Security Survey

Concerned About Data Breaches, CISOs Continue to Rely Primarily Upon Traditional Approaches in Spite of Emerging Threats

HERNDON, VA – June 23, 2009 – NetWitness Corporation, the provider of the award-winning NextGen network security solution, and MIS Training Institute, the international leader in audit and information security training, today released the results of an information data loss survey conducted at the 6th Annual CISO Executive Summit in Lisbon, Portugal this month. The survey interviewed CISOs, CSOs, and information risk managers from over 20 countries in an attempt to identify the investment and management challenges, priorities, and decisions faced by information security leaders today.

Some highlights of the survey results include:

97 percent of the respondents are “very concerned” or “concerned” about data breaches and information theft, while three percent are not worried because they believe their network is already secure.
There was an overwhelming consensus – 80 percent – among CISOs that insiders, including employees and contractors, are the greatest human threat to data. Only 18 percent reported concern over the threats coming from external sources such as cyber criminals and nation-sponsored attacks such as corporate espionage.
One in 10 CISOs reported they are not planning on spending anything on security this year and are trying to just survive with their existing technology investments.
26 percent view governance, risk and compliance (GRC) verification as the primary business driver for security spending in the next 12 months.
One-third of respondents believe firewalls alone provide adequate protection against data leaks. A quarter of CISOs reported they do not have the correct data leakage protection technology or just do not know what they should have.

We decided to conduct this survey with NetWitness as a precursor to the CISO Summit to better understand the thinking of top security executives, the challenges they believe are most critical, and the technologies and budget levels they currently have in place,” said Sara Hook, Conference Director for EMEA at MIS Training Institute. “Obviously, some of the results were not that surprising, for example, data breaches and insider threats continue to be historical security concerns for CISOs. What is really alarming, however, is the misperception that traditional security approaches alone can protect against information leaks, and that some CISOs were not sure what they need for data protection or were not planning to focus any money in that area this year.”

In addition, the survey revealed that nearly 80 percent of CISOs surveyed do not view growing threats from state-sponsored and organized criminal groups as potentially harmful to their data. This opinion stands in sharp contrast to numerous press reports describing external data breaches across all sectors indicating that financial and material losses from cyber crime are on the rise and those criminals are stealing sensitive information and selling this competitive intelligence for profit.

“Most of us have excelled at preparing for the static cyber threat environment we studied when we took our CISSP exam in 1995 or 2000,” said NetWitness CSO Eddie Schwartz. “In a world of well-funded and organized external adversaries and tech-savvy insiders, however, it can be dangerous and costly to rely solely upon traditional security concepts such as defense-in-depth and signature-based technologies. To be successful in 2009 and beyond, CISOs must invest in the type of fluid cyber intelligence that can only be obtained through continuous augmented awareness of the true content and context of all network communications across the enterprise. NetWitness NextGen provides a powerful solution for achieving this objective within any size enterprise.”

NetWitness and MIS Training Institute derived this data from online interviews with over 60 information security professionals during the month of June. NetWitness plans to continue surveying CISOs at upcoming events during the remainder of 2009. For additional information regarding this survey, please contact: marketing@netwitness.com.

About MIS Training Institute
Founded in 1978, MIS Training is the international leader in audit and information security training, with offices in the UK, USA and Asia. MIS' expertise draws on experience gained in training more than 200,000 delegates across five continents. MIS presents training seminars and conferences in the areas of internal and IT audit; information security; networks; e-commerce applications; Sarbanes Oxley; operating platforms; and enterprise applications; SAP. MIS Training is a subsidiary of Euromoney Institutional Investor. Please visit www.mistieurope.com for more details .

About NetWitness
NetWitness Corporation provides patented and award winning, next generation security solutions that help government and private organizations discover, prioritize and remediate complex IT risks. Users of NetWitness NextGen and InSight solutions concurrently solve a wide variety of information security problems including: advanced persistent threat management; sensitive data discovery and advanced data leakage detection; malware activity discovery; insider threat management; policy and controls verification and e-discovery. Originally developed for the US Intelligence Community, NetWitness has evolved to provide enterprises around the world with breakthrough methods of network content analysis and host-based risk discovery and prioritization. NetWitness customers include Defense, National Law Enforcement and Intelligence Agencies, Top US and European Banks, Critical Infrastructure, and Global 1000 organizations. NetWitness has offices in the U.S. and the U.K. and partners throughout North and South America Europe, the Middle East, and Asia. For more information and to download a copy of the freeware version of our software visit: http://www.netwitness.com .

To download the freeware version of NetWitness Investigator, visit http://download.netwitness.com . For more information about securing your entire organization with NetWitness NextGen, contact: sales@netwitness.com . Twitter handle: NetWitness .

Download MIS Training Institute's Report of CISO Information Security Survey

Support

Community

Blog