A global study by Intel indicates 73% of respondents gravitate toward companies that proactively find, mitigate and communicate security vulnerabilities.
Some 73% of companies prefer to purchase from technology providers that are transparent and proactive in helping organizations manage their cybersecurity risk, a study released Monday by Intel finds. Yet, 48% of respondents said their technology providers don't offer this capability, according to the Intel study.
Building security and privacy into products from concept to retirement is not only a strong development practice but also important to enable customers to understand their security posture and truly unleash the power of data, Intel said.
"Security doesn't just happen. If you are not finding vulnerabilities, then you are not looking hard enough," said Suzy Greenberg, vice president of Intel product assurance and security, in a statement.
Organizations want a transparent approach to security assurance so customers feel empowered, and they expect vendors to deliver product innovations that build defenses at the foundation, protect workloads and improve software resilience, Greenberg said.
Other key findings include:
76% of respondents said it is highly important that their technology provider offer hardware-assisted capabilities to mitigate software exploits.
64% of respondents said it is highly important for their technology provider to be transparent about available security updates and mitigations. Forty-seven percent say their technology provider doesn't provide this transparency.
74% of respondents say it is highly important for their technology provider to apply ethical hacking practices to proactively identify and address vulnerabilities in its own products.
71% of respondents said it is highly important for technology providers to offer ongoing security assurance and evidence that the components are operating in a known and trusted state.
Vendor characteristics that affect purchase decisions
The key findings indicate that specific vendor characteristics affect purchase decisions. In some cases, there is a significant gap between the importance of these characteristics and the ability of the provider to have the capability, according to the Intel study.
Transparency about security updates and available mitigations
Vendor's ability to identify vulnerabilities in its own products and mitigate them
Ongoing security assurance and evidence that the components are operating in a known and trusted state
Hardware-assisted capabilities to help protect distributed workloads and data in use, and to defend against software exploits.
While 66% of respondents said it is very important for their tech provider to have the capability to adapt to the changing threat landscape, 54% said their providers don't offer this capability, the study said.
Further, while 30% said their organizations can patch critical or high priority vulnerabilities in a week or less, on average, it takes almost six weeks to patch a vulnerability once it is detected, according to the Intel study.
The delays in patching are mainly caused by human error (63%), the inability to take critical applications and systems offline in order to patch quickly (58%) and not having a common view of applications and assets across security and IT teams (52%).
Developing the strongest products requires power, performance and security, Intel said. Security capabilities rooted in hardware not only provide security assurance against current threats but also improve software reliability and provide additional layers of protection at the foundation and across workloads to protect against future threats, the company added.
The study is based on a survey of 1,875 individuals independently conducted by Ponemon Institute in the United States, the United Kingdom, Europe, the Middle East and Africa and Latin America who are involved in overseeing the security of IT infrastructure for their organization, Intel said.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)