Concerns about resources gaps and effectiveness of senior management

Security BSides, the community-driven event built for and by information security community members, has published the results of its Security BSides London Attendees Survey 2017, co-ordinated by Digital Guardian. The survey collected responses from 187 full-time security industry professionals attending the London event, with a view to getting an insider’s outlook on the current cyber security climate.

  • 7 years ago Posted in
The most notable highlights of the survey include:
 
Users and their behaviours are the industry’s biggest challenge
Security professionals were asked what they believe to be the industry's biggest challenge. More than a third (36%) suggested issues around user education and behaviour, while 28% said that skills shortages and recruitment issues are the biggest challenge. 
 
Nation states are over-hyped and insiders are overlooked
Of a range of threats often cited in popular security media, security professionals said that the most over-hyped threats are:
 
1. North Korea, with 32% of responses
2. NSA/Government bodies, with 19% of responses
3. Russia, with 17% of responses
 
Meanwhile, just under half (47%) of respondents said that uneducated users and insiders are the most overlooked threat today.
 
Resources gap between insider and outsider threats
The vast majority (92%) of security professionals said that the industry is deploying more resources in tackling outsider threats, and yet almost three quarters (71%) said businesses should be more concerned about insider threats. 
 
Furthermore, when it comes to general security decision-making, only 9% of respondents said that senior management are making good decisions around security strategy and spending. 
 
Asked what elements of security strategy or spending they would change if they were senior management, the top areas for improvement are:  
 
1. Education and awareness, with 65% of responses
2. Budgets, with 32% of responses
3. Make security a greater priority, with 30% of responses
4. Recruitment of security professionals, with 22% of responses
 
Commenting on the results, Thomas Fischer, Director of Security BSides London and Global Security Advocate at Digital Guardian said: “The insider threat, be that from malicious or uneducated users, has been underestimated for years. Businesses are still operating with a mentality that they need to ‘build higher walls’, but the truth is that the real threat to our data is likely already inside – either with or without intent.  If you add to that users’ expectations of technology - accessibility anytime, any place, anywhere and from any device – you have a perfect storm for a security mishap.”
  
He added: “At a time where businesses are facing an unprecedented volume of attacks, it’s concerning to see such a disconnect between those making security spending and strategy decisions, and those implementing them. This is something that the industry must address and it’s what makes events such as Security BSides all the more important in fostering collaboration and discussion between security professionals, regardless of experience or job role.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...