
Difference between revisions of "CISO Survey 2013: Threats and risks"


Revision as of 18:50, 6 February 2014

Threats and risks

As with all good security strategies, we were first interested in the trends of potential sources of security threats to organizations and how CISOs are addressing them.

External threats are on the rise

More than 70% of CISOs noted that internal threats are staying at roughly the same level, while over 80% see external threats clearly on the rise. CISOs appear increasingly confident that their internal controls address internal security threats, such as insiders stealing data or abusing systems. This may be due to a variety of reasons, including better internal policies and controls, and tools that enforce these policies and protect against malicious agents within an organization. External threats, on the other hand, seem to be increasing dramatically. This might be due to a variety of reasons: an increase in awareness due to more disclosures about security breaches by external sources; the fact that organizations' IT systems are increasingly exposed to the Internet, and with that to external threat agents; an increased number of external malicious actors; and potentially an upgrade in the skills and weaponized attack tools of potential attackers.

CISO Survey 2013 1 external internal.png