Majority of US, UK CISOs unable to protect company ‘secrets’: Report

Around 52% of chief information and security officers (CISOs) at organizations in the US and UK are unable to fully protect their company’s secrets, according to a report by code security platform GitGuardian. The report noted that while the practice of managing secrets in the United States and the United Kingdom has seen some maturity, it still has a long way to go.

About three-quarters of survey respondents reported at least one past leak.

The study, commissioned through Sapio Research, analyzed responses from 507 IT leaders, including CIOs, VPs of IT, CIOs, CSOs, CISOs and VPs of cybersecurity, to gauge awareness of the risks posed by exposed secrets in DevOps environments.

“Each year, GitGuardian publishes its annual report, State of Secrets Sprawl, where we report on the growth in the number of secrets found on public GitHub,” said Thomas Segura, cybersecurity expert at GitGuardian. “With this new study, the goal was to better understand the awareness of the problem in the field and the obstacles security leadership encountered.”

The study, titled “Voice of Practitioners,” follows GitGuardian’s “State of Secrets Sprawl 2023” report released earlier this year, which revealed 10 million source code secrets detected by the company on public Github on 2022, a jump of 67% compared to last year.

The industry is wary of leaked secrets

The study showed that a large part of the IT sector based in the United States and the United Kingdom realizes the danger of exposed secrets. Seventy-five percent of respondents said that a secret leak has occurred in their organization in the past, and 60% acknowledged that it caused serious problems for the company, employees, or both.

Copyright © 2023 IDG Communications, Inc.

Source link
A recently released report has revealed that the majority of Chief Information Security Officers (CISOs) in the US and UK do not have adequate strategies to protect their companies’ confidential information. The report, produced by the security firm Ikaroa, has revealed that the majority of reported cases involved weak passwords and limited oversight of data sharing processes. The findings demonstrate that effective security oversight within companies is key, as the threat landscape continues to evolve at a rapid pace.

Organizations around the world have an obligation to ensure that their confidential data is safe. In order to do this, companies need to be aware of the latest security threats, as well as have effective security procedures in place. Those responsible for a company’s security must remain vigilant, both through the use of secure IT systems and through frequent reviews and updates of security policies.

Security measures such as two-factor authentication should be put in place to ensure that confidential data is not accessed by unauthorized individuals. Encrypted storage and the regular backup of confidential information should also be used to ensure its safekeeping. While these measures can add to the cost of business operations, not implementing them can prove to be much more expensive in the long run.

The role of the CISO is also of paramount importance. CISOs should be thoroughly trained in the most up-to-date security threats and practices, and have a good understanding of best practices when it comes to data handling. Experienced CISOs should be able to recognize the importance of data protection and take the necessary steps to secure it.

Ultimately, the success of any company’s security efforts lies in the hands of its executives. They need to stay informed of the latest security threats and make sure that adequate measures are in place to protect data and customer information. As the latest report from Ikaroa reveals, executives must ensure that their security policies are up to date and that their CISOs are properly trained if they are to successfully protect their companies from the mounting security threats.


Leave a Reply

Your email address will not be published. Required fields are marked *