Security Pros Feeling the Heat

Tuesday, February 23, 2016 @ 05:02 PM gHale

The incredibly intense nature of securing a network against attacks seems to be getting the best of security professionals.

That is because six out of ten security professionals said a successful cyber attack will likely occur this year, according to a new report.

“In 2014, only four in 10 survey participants believed that a successful cyber attack targeting their organization was likely to occur in the coming year. Today, that number has grown to six in 10 and is likely to rise,” said Steve Piper, chief executive of CyberEdge Group.

CyberEdge Group surveyed 1,000 IT information security decision makers and practitioners from 10 countries, five continents, and 19 industries.

The survey found network breaches are rising, confidence is falling, the number of BYOD deployments is shrinking, and IT organizations are fed up with today’s inadequate endpoint defenses.

“Despite record security spending, savvy IT professionals know that it’s no longer a question of ‘if’ their network will become compromised, but ‘when,’ ” Piper said. “Smart CISOs must strike a balance between threat prevention and detection investments, as both are critical in the fight against today’s sophisticated threats.”

Here are some of the key findings of the report:
• Security takes a bigger bite. This year, 85 percent of responding organizations said they are spending more than 5 percent of their IT budgets on security, up from 70 percent in 2015.
• Rising attacks, dwindling optimism. Seventy-six percent of responding organizations suffered from the effects of a successful cyber attack in 2015 – up from 70 percent in 2014 and 62 percent in 2013. When asked about the likelihood of a network breach occurring in the coming year, 62 percent felt it was more likely than not – up from 52 percent a year ago.
• Endpoint protection revolution. For three consecutive years, information security decision makers have expressed growing dissatisfaction with their current endpoint security defenses. This year, 86 percent said they intend to replace (42 percent) or augment (44 percent) their current endpoint protections.
• BYOD backpedaling. The percentage of organizations with active BYOD deployments dropped for the third consecutive year – from 31 percent in 2014 to 26 percent in 2016.
• Must-have network security investments. Next-generation firewalls are the top-ranked network security technology planned for acquisition in 2016, followed by threat intelligence services and user behavior analytics.
• Mobile devices still in the crosshairs. For the second consecutive year, mobile devices are perceived as IT’s weakest link. In total, 65 percent of information security decision makers witnessed an increase in mobile threats over the prior year.
• Malware and spear-phishing continue to cause headaches. Malware and spear-phishing top the list of threats causing the greatest concern among respondents for the third consecutive year.
• Massive exposure to SSL blind spots. Only a third of responding organizations have the tools necessary to inspect SSL-encrypted traffic for cyber threats, revealing a gaping hole in enterprise security defenses.
• Employees are still to blame. For the third consecutive year, low security awareness among employees tops the list of barriers to establishing effective security defenses.

Survey participants also worry about an overwhelming volume of security event data, lack of skilled personnel, and lack of available budget.