Cybercrime Battle is Being Lost, Say CIOs

A recent survey by enterprise security firm Bromium has revealed that CIOs believe the battle against cybercrime is being lost.

The survey, which was conducted on behalf of Bromium by Vanson Bourne, asked 400 Chief Information Security Officers from large U.S. enterprises about the current state of cybersecurity.

Hackers may be a major risk, but end users are believed to pose the biggest network security threat. Even when security awareness training is provided to staff members, the training is often forgotten and employees still engage in risky behavior. Policies and procedures are put in place to tackle the problem, yet 85% of CIOs still believe employees are the biggest risk.

CIOs were also asked about the effectiveness of endpoint security systems. 68% of respondents said they believed endpoint security was now much less effective due to the sophisticated nature of cyberattacks. Hackers are using a variety of techniques to evade detection and bypass traditional defenses.

The survey revealed that one of the main problems is that organizations expect end users to be able to identify threats and respond appropriately, yet employees are not IT workers. Their talents lie elsewhere, which is why they are not employed in the IT department.

All too often, employees are cited as the weakest link, yet as Bromium CEO Gregory Webb explains, “We need to accept that it’s unfair and futile to put the onus on users to defend the enterprise.” Webb went on to say, “HR needs to be able to open attachments, a marketer needs to look at social media without having to worry; it is simply impractical to lock people down or expect them to be the last line of defense.” Webb believes the detect-to-protect system is failing, saying it is like “sending SOC teams into a gun fight with a knife.”

Rather than expecting – or hoping – that employees will not open malicious email attachments or click on links to malicious websites, technological solutions need to be implemented to deal with these issues. It is still important to provide security awareness training to staff members as part of an enterprise’s risk management efforts, but without appropriate technological solutions it is no surprise that CIOs feel they are losing the battle against cybercrime.

Bromium is one of a number of companies tackling the problem in a different way. The company has recently released a new platform that reduces reliance on employees to identify and respond to cybersecurity threats. The platform allows employees to concentrate on their jobs without worrying about IT security, while IT teams can concentrate on more important matters than responding to alerts from panicked employees. By implementing a more effective solution, organizations are able to concentrate on strategic defense initiatives rather than having to constantly respond to security alerts.

Bromium’s solution is to use CPU-enforced micro-virtualization. Since each employee works on a disposable isolated micro-virtual machine, the actions of each employee do not threaten an entire organization’s network.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news