Are You Wasting Your Security Budget On the Wrong Threats? RSA Survey
A survey of security professionals attending the 2015 Black Hat conference has revealed that security pros’ major concerns about organizational security are not well reflected in their workloads or in IT budgets.
Security professionals told the authors of the 2015 Black Hat Attendee Survey that they were concerned with attacks specifically targeting their organizations, phishing, and social engineering schemes, and accidental leaks by end users, yet the authors of the report wrote that the results indicated that “most enterprises are not spending their time, budgets, and staffing resources on the problems that most security-savvy professionals consider to be the greatest threats.”
Complementary Report: Market Overview, Consumer IAM Solutions
- Identify the advantages and risks of customer facing IAM
- How poor customer IAM leads to poor customer experience.
- Evaluate market leaders
The survey, conducted by Black Hat at its July 2015 conference in Las Vegas asked 460 participants their greatest security concerns going forward in 2015. Of the 460 respondents, 25% are in the lead security role at their businesses, 61% have a full-time security job, and 47% work in businesses with over 5,000 employees.
Survey respondents were most concerned about sophisticated attacks directly targeting the organization (57%), phishing or social engineering (46%), accidental data leaks by end users (21%), and advanced malware threats (20%).
However, survey respondents noted that organizational budgets and workload priorities were not in line with their own security concerns and particular pain points. Only 26% of respondents said that targeted attacks make up the largest portion of their IT security budgets. In contrast, compliance, which did not figure in IT workers top concerns, came in third place for budget concerns.
Survey respondents also identified understaffing of security teams as a particular industry pain point. Only 27% of respondents said that they felt they had adequate security staff, while 51% said that they could use “a little help,” and 22% said that the number of security employees is inadequate.
You can view the 2015 Black Hat Attendee Survey in full here.
- Best practices for identifying and addressing a fractured identity environment.
- How to address identity management in the cloud.
Jeff Edwards
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
- 17 Cybersecurity Podcasts You Should Listen to in 2020 - January 3, 2019
- What’s Changed: Gartner 2017 Magic Quadrant for Identity Governance and Administration (IGA) - January 28, 2018
- Crossmatch Integrates Keyboard Capture to Identity Management Software - November 27, 2017
