- Published: Wednesday, 27 January 2021 09:19
A negative communication cycle between vendors, IT leaders, and employees is resulting in organizations failing to respond to threat warnings, according to a Kaspersky survey of cyber security decision-makers. Almost six in 10 security leaders admit they find it difficult to action protective insights for their enterprise off the back of information provided by their security vendors. A similar percentage also believe the information they are given isn’t relevant to their organization.
These are just two concerning statistics identified by the research into the communications gap between vendors and enterprises. A resultant negative cycle of unprotected infrastructure on one side, and a lack of progressive insight being attained on the other, highlights the need for a change of approach for both.
More than eight in 10 cybersecurity decision-makers – primarily Chief Information Security Officers (CISOs) – agreed that they would like to work with a vendor that demystifies cyber security for their organization. The issue at present is the information being relayed is having the opposite effect: 63 percent believe that messages are too complicated to convey to the rest of their business, while almost 60 percent believe it would take too much time and resource to even try.
Clearly there is a messaging disconnect but decision-makers believe this is triggered at the beginning by the vendors themselves. As many as 58 percent claim this is because the vendors they work with don’t understand the threats they’re facing. The reality seems to be more of a vicious cycle between the two parties, resulting in businesses being left exposed through a lack of tailored defence, and vendors unable to remedy the situation through a lack of tailored insight.
David Emm, principal security researcher at Kaspersky, said: “These results highlight an alarming disconnect between vendors and enterprises, leading to flaws in cyber-defences and a lack of the right technologies being harnessed to ensure strong cyber security posture. However, this can be reversed with better communication and understanding of what enterprises require in order to protect their sensitive data, and it is up to the vendor community to drive this change.”