A survey of security professionals attending the 2015 Black Hat conference has revealed that security pros’ major concerns about organizational security are not well reflected in their workloads or in IT budgets.
Security professionals told the authors of the 2015 Black Hat Attendee Survey that they were concerned with attacks specifically targeting their organizations, phishing, and social engineering schemes, and accidental leaks by end users, yet the authors of the report wrote that the results indicated that “most enterprises are not spending their time, budgets, and staffing resources on the problems that most security-savvy professionals consider to be the greatest threats.”
The survey, conducted by Black Hat at its July 2015 conference in Las Vegas asked 460 participants their greatest security concerns going forward in 2015. Of the 460 respondents, 25% are in the lead security role at their businesses, 61% have a full-time security job, and 47% work in businesses with over 5,000 employees.
Survey respondents were most concerned about sophisticated attacks directly targeting the organization (57%), phishing or social engineering (46%), accidental data leaks by end users (21%), and advanced malware threats (20%).
However, survey respondents noted that organizational budgets and workload priorities were not in line with their own security concerns and particular pain points. Only 26% of respondents said that targeted attacks make up the largest portion of their IT security budgets. In contrast, compliance, which did not figure in IT workers top concerns, came in third place for budget concerns.
Survey respondents also identified understaffing of security teams as a particular industry pain point. Only 27% of respondents said that they felt they had adequate security staff, while 51% said that they could use “a little help,” and 22% said that the number of security employees is inadequate.
You can view the 2015 Black Hat Attendee Survey in full here.
Widget not in any sidebars
- Five Questions You Need To Ask Yourself When Evaluating SIEM Solutions - November 8, 2017
- Winning the Data Breach War with User and Entity Behavioral Analytics - November 3, 2017
- 5 Alternatives to The Gartner Magic Quadrant for SIEM - October 31, 2017