Wednesday, July 20, 2016

Lack of resources to face threats

We need qualified personnel, we need awareness at senior levels, and we need better integration of security solutions. Almost three-quarters of cybersecurity experts blame these three problems for the main concerns in today's corporate environments. The results come from a report based on questionnaires sent out by the organizers of the Black Hat conference.

The first answers were gathered in 2015. The purpose of the survey was to evaluate the attitudes and plans of qualified, highly skilled experts in this field from among the Black Hat attendees. One year later, the survey records show an increase in the way they handle these questions. The most notable trends today can be divided into three categories: future threats, a shrinking workforce, and unaddressed spending priorities.

Cybersecurity professionals are more worried about the main threats today than they were a year ago. In 2015, 37% of respondents said it was either "highly likely" or that they "have no doubt" that they would face a major breach in the next 12 months; in 2016 that figure has risen to 40 percent. On top of this concern, three out of four respondents (75%) say they don't have enough qualified staff to defend their organizations against current threats. Add that more than half (63%) directly relate this to a lack of budget, and we have a delicate cocktail on our hands.

Also, if we have to find a main cause for the "strategies and security technologies still failing in the present industry", 37% of respondents say it is the lack of qualified personnel and, even more serious, the shortage of specific skills. "Alarmingly", 67% of security pros say they themselves do not have enough training to handle current threats.

In this scenario, we would think that the fear of future threats and the need to rely on better professionals would be an incentive for investment. Nothing could be further from the truth, because the gap between security professionals' primary concerns and their dedicated expenditures is widening. Compliance and risk measurement objectives pull away, systematically reducing the time and budget available to resolve the issues that security professionals consider the most critical, among them targeted attacks, social engineering, and internal application security troubleshooting. The previous report had already revealed this trend, but to no avail, because (as we see) it is an increasing concern.

As an additional result, we should mention that 37% see the re-emergence of ransomware as the greatest new threat. What 36% of security professionals fear most is the attacker with internal knowledge of the organization. And contrary to recent trends, only 1 in 11 (9%) are currently concerned with IoT security. However, many more professionals (28%) think this will be a concern two years from now.

In addition to this phenomenal study, today we recommend reading the whitepaper by Imperva Incapsula on protection strategies against DDoS attacks, as well as Tripwire's recent 'Infosecurity Europe 2016' survey dedicated to ransomware.

Source: Net Security.

