
Black Hat survey reveals critical security concerns facing enterprises

Black Hat has released the results of its 2016: The Rising Tide of Cybersecurity Concern report, revealing some critical concerns about the information security industry and emerging cyber risks faced by today’s enterprises.

The report is in anticipation of the upcoming Black Hat USA event. This year’s report is based on survey responses from 250 attendees of the 2015 Black Hat USA conference.

According to Black Hat, in 2015 the security specialists began compiling responses for a survey with the intent to gauge the attitude and plans of some of the most experienced and highly trained cybersecurity individuals – attendees of the Black Hat conference. In just a year, the event has recorded significant shifts towards an increased strain on the industry.

The most notable trends can be divided into three categories spanning issues related to future threats, a decreasing workforce and neglected spending priorities, Black Hat says.

Cybersecurity in Crisis

Security professionals' concerns associated with major breaches have only increased since last year, the report shows.

In 2015, 37% of respondents said it was either "highly likely" or that they "have no doubt" that they would face a major breach in the next 12 months; in 2016, that figure has risen to 40%.

Raising the need for concern, nearly 75% of security professionals say they do not have enough staff to defend their organisations against current threats. 63 percent directly relate this to a lack of budget.

The Deepening Skills Gap

“There is no question that the shortage of skilled security professionals has become one of the most critical problems facing organisations today,” Black Hat says.

According to the report, 72% of organisations say they do not have enough staff to meet current threats. 37 percent say a shortage of qualified people and skills is the primary reason why security strategies and technologies continue to fail in today's industry. Alarmingly, more than two thirds of security pros (67%) say they themselves do not have enough training to handle current threats.

Security Spending's Priorities Gap

Even with the growing fear of future threats and lack of skilled professionals in the field, the gap between security professionals' primary concerns and their dedicated expenditures is widening, the report reveals.

“Organisational priorities such as compliance and risk measurement consistently reduce the time/budget available for security professionals to resolve issues they consider the most critical,” says Black Hat.

“These pressing issues include targeted attacks, social engineering, and internal application security troubleshooting. Although the 2015 report revealed this trend, rather than a reverse in expenditure behavior, the issue has continued to increase.”

Additional Key Findings

  • 37% see the re-emergence of ransomware as the greatest new threat to appear in the last 12 months
  • The attacker that 36% of security professionals fear most is the one with internal knowledge of the organisation
  • While the emergence of the so-called Internet of Things (IoT) has garnered much attention in recent years, only 9% of those surveyed are currently concerned with IoT security. However, 28% believe this will be a concern two years from now. This ranking has not altered since 2015.