Are You Wasting Your Security Budget On the Wrong Threats? RSA Survey

A survey of security professionals attending the 2015 Black Hat conference has revealed that security pros’ major concerns about organizational security are not well reflected in their workloads or in IT budgets.

Security professionals told the authors of the 2015 Black Hat Attendee Survey that they were concerned with attacks specifically targeting their organizations, phishing and social engineering schemes, and accidental leaks by end users. Yet the authors of the report wrote that the results indicated that “most enterprises are not spending their time, budgets, and staffing resources on the problems that most security-savvy professionals consider to be the greatest threats.”

The survey, conducted by Black Hat at its July 2015 conference in Las Vegas, asked 460 participants about their greatest security concerns going forward in 2015. Of the 460 respondents, 25% are in the lead security role at their businesses, 61% have a full-time security job, and 47% work in businesses with over 5,000 employees.

Survey respondents were most concerned about sophisticated attacks directly targeting the organization (57%), phishing or social engineering (46%), accidental data leaks by end users (21%), and advanced malware threats (20%).

However, survey respondents noted that organizational budgets and workload priorities were not in line with their own security concerns and particular pain points. Only 26% of respondents said that targeted attacks make up the largest portion of their IT security budgets. In contrast, compliance, which did not figure in IT workers’ top concerns, came in third place for budget concerns.

Survey respondents also identified understaffing of security teams as a particular industry pain point. Only 27% of respondents said that they felt they had adequate security staff, while 51% said that they could use “a little help,” and 22% said that the number of security employees is inadequate.

You can view the 2015 Black Hat Attendee Survey in full here.

Jeff Edwards