Users and their behaviours are the industry’s biggest challenge
Security professionals were asked what they believe to be the industry's biggest challenge. More than a third (36%) suggested issues around user education and behaviour, while 28% said that skills shortages and recruitment issues are the biggest challenge.
Nation states are over-hyped and insiders are overlooked
Of a range of threats often cited in popular security media, security professionals said that the most over-hyped threats are:
1. North Korea, with 32% of responses
2. NSA/Government bodies, with 19% of responses
3. Russia, with 17% of responses
Meanwhile, just under half (47%) of respondents said that uneducated users and insiders are the most overlooked threat today.
Resources gap between insider and outsider threats
The vast majority (92%) of security professionals said that the industry is deploying more resources in tackling outsider threats, and yet almost three quarters (71%) said businesses should be more concerned about insider threats.
Furthermore, when it comes to general security decision-making, only 9% of respondents said that senior management are making good decisions around security strategy and spending.
Asked what elements of security strategy or spending they would change if they were senior management, respondents named the following top areas for improvement:
1. Education and awareness, with 65% of responses
2. Budgets, with 32% of responses
3. Make security a greater priority, with 30% of responses
4. Recruitment of security professionals, with 22% of responses
Commenting on the results, Thomas Fischer, Director of Security BSides London and Global Security Advocate at Digital Guardian, said: “The insider threat, be that from malicious or uneducated users, has been underestimated for years. Businesses are still operating with a mentality that they need to ‘build higher walls’, but the truth is that the real threat to our data is likely already inside – either with or without intent. If you add to that users’ expectations of technology – accessibility anytime, any place, anywhere and from any device – you have a perfect storm for a security mishap.”
He added: “At a time where businesses are facing an unprecedented volume of attacks, it’s concerning to see such a disconnect between those making security spending and strategy decisions, and those implementing them. This is something that the industry must address and it’s what makes events such as Security BSides all the more important in fostering collaboration and discussion between security professionals, regardless of experience or job role.”