Better to be secure, or to feel secure?
GCN Insider | Survey says 99 percent of CIOs, CISOs feel more secure this year than last
- By William Jackson
- Aug 10, 2007
A recent customer survey by Patchlink of 250 chief information officers and chief information security officers contained some good news: 99 percent of respondents said they feel more secure this year than last. This is an increase from 92 percent who said they felt more secure last year than the year before.
This is an unexpected item, considering the gloom and doom that generally accompanies information technology security assessments; most trends seem to indicate that we're on a highway to hell.
"That's a little surprising," said Matt Mosher, Patchlink's senior vice president for the Americas. Like any statistic, this one is open to interpretation. "I don't think it means 'I am secure,' but 'I feel more secure,'" he said. It is a subjective assessment, and Mosher speculated it might be driven in part by a feeling among CIOs and CISOs that they should be getting some return on all that money they have been spending on security.
One thing they apparently have to feel more secure about is the fact that 99 percent of respondents (we don't know if it is the same 99 percent) also said they are sending critical updates and patches to their IT systems within eight hours. Twenty-nine percent are getting them out within two hours. That's about double the number reporting those response times last year.
Processes for patch management are improving, Mosher said, and administrators are moving patches out more aggressively. This is at least partly because of a growing confidence in tools that scan for vulnerabilities and test patches on specific
This is more good news, but as anyone who has ever been in an orchard knows, once you pick the low-hanging fruit, you find another one hanging right above it. Now that patching is under control, the greatest security concern reported in the survey is zero-day vulnerabilities, those problems for which no patch is available. It's always something.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.