CompTIA 11th Annual Information Security Trends

Organizations are overwhelmingly confident in their readiness to combat security threats, but may not be prepared for dangers linked to new technology models and increasingly sophisticated threats, according to a new study released by CompTIA, the non-profit association for the information technology industry.

  • Security is a top priority for firms among many different IT initiatives, and many firms expect to increase their focus in this area over the next two years. For all this focus, though, companies may not be analyzing their security situation as thoroughly as possible.
  • Malware and hacking continue to be the top security concerns. Given the wide range of threats today, companies should take a more balanced view of the different ways they can be attacked, paying special attention to the threat of human error.
  • Beyond DLP, adoption of a range of newer security defenses and techniques remains low. Especially for smaller businesses, these tools can address areas of exposure brought on by the use of new technology.
  • Even though companies do not cite human error as a major concern, it is the root cause of over half of security breaches. This is generally not malicious activity but simply a lack of awareness of policies and procedures.
  • Although 82% of businesses feel that their security systems are completely or mostly satisfactory, they may be basing this on historical activity. With only 13% of companies drastically changing their security approach over the past two years (a time of major technology disruption), many firms may want to refresh their analysis.
  • Formal risk assessment has become a necessary part of security planning as it is impossible to keep all corporate data behind a firewall. Companies need to assess which data they could allow in public cloud providers and on mobile devices.
  • As with the view on overall security, a more robust examination of risk tolerance may lead to areas where more risk can be accepted or security needs to be tightened up.
  • Addressing the human element begins with raising the level of security literacy across the entire workforce. Over half of all companies believe that their workforce may have a lower understanding of policy, which can lead to mistakes when faced with new situations.
  • Many organizations are beginning to use new technology first and worry about the security implications later. This is especially true when it comes to cloud computing, mobility, and Big Data.
  • A first step in securing cloud data is understanding what steps a cloud provider takes for security. From there, companies can add on the pieces they need to ensure that their assets are secure.
  • Although incidence of mobile malware has risen rapidly in the past year, many companies still do not list it as a top concern (lost/stolen device takes that spot). As different kinds of mobile attacks increase, companies will need to build the skills needed for mobile security.
  • The reliance on digital data and the interest in Big Data solutions has increased the focus on data security. Many companies need to start with basic data management, as shown by the fact that 22% of companies believe data has been lost over the past year but do not know which data has been compromised.
CompTIA 11th Annual Information Security Trends

    1. CompTIA’s 11th Annual Information Security Trends
    2. Most Companies Expect to Maintain High Focus on Security
       (2 Years from Now Forecast / Compared to 2 Years Ago)
       Significantly Higher Priority: 37% / 28%
       Moderately Higher Priority: 44% / 51%
       No Change: 17% / 18%
       Moderately or Significantly Lower Priority: 2% / 3%
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. IT and business executives (aka end users) responsible for security
    3. Assessing the Cybersecurity Landscape
       Security threats: level of concern (Moderate Concern / Serious Concern) and change in trend (No Change or Less Critical Today / More Critical Today)
       Malware (e.g. viruses, worms, trojans, botnets, etc.): 38% / 53%; 52% / 48%
       Hacking (e.g. DoS attack, APT, etc.): 42% / 44%; 53% / 47%
       Social engineering/Phishing: 45% / 37%; 62% / 38%
       Data loss/leakage: 46% / 35%; 70% / 30%
       Understanding security risks of emerging areas, i.e. cloud, mobile, social: 49% / 32%; 61% / 39%
       Physical security threats (e.g. theft of a device): 42% / 28%; 72% / 28%
       Intentional abuse by insiders, i.e. staff, contractors: 42% / 26%; 76% / 24%
       Lack/inadequate enforcement of company security policy: 45% / 23%; 77% / 23%
       Lack of budget/support for investing in security: 42% / 23%; 76% / 24%
       Human error among IT staff: 47% / 22%; 80% / 20%
       Human error among general staff: 55% / 21%; 76% / 24%
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. end users responsible for security
    4. Security Defenses in Use (Large Firms / Medium Firms / Small Firms)
       Data Loss Prevention: 71% / 54% / 55%
       Identity and Access Management: 61% / 43% / 39%
       Formal risk assessment: 51% / 40% / 35%
       Security Information and Event Management: 44% / 37% / 32%
       Enterprise Security Intelligence: 41% / 34% / 22%
       External Vulnerability Assessments: 40% / 25% / 28%
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. end users responsible for security
    5. Human Element a Major Part of Security Risk
       Factors in Security Breaches: Human Error 55%; Technology Error 45%
       Top Human Error Sources:
       42% End user failure to follow policies and procedures
       41% IT staff failure to follow policies and procedures
       39% Lack of security expertise with website/applications
       38% Lack of security expertise with IT infrastructure
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 320 end users experiencing security breaches / 244 end users with human error issues
    6. Change in Security Approach Over Past Two Years
       Drastic amount of change: 13%; Moderate amount of change: 51%; No change/small amount of change: 36%
       View of Drastic/Moderate Change by Job Function: Business Function 70%; IT Function 69%; Executives 44%
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. IT and business executives (aka end users) responsible for security
    7. Formal Risk Analysis Not a Part of Security Planning for Most Companies
       Currently Using: 41%; Planning to Use: 33%; No plans/Not familiar: 26%
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. end users responsible for security
    8. Balancing Risk and Security
       Reasons to Mitigate Security Risk: Nature of emerging threats; Result of security evaluation; Changing security landscape
       Reasons to Accept More Security Risk: Desire to use new technology; New business model/offerings; Potential business benefits
       Percentages shown for these reasons on the slide: 66%, 67%, 66%, 56%, 63%, 50%, 53%
       Current balance: Too Much Risk / Appropriate Balance / Security Too Stringent (18% and 17% shown for the two extremes)
       Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. IT and business executives (aka end users) responsible for security
    9. Rating of Workforce Security Mindset
       Advanced – Understand Policies and Try to Stay Compliant: 44%
       Basic – Unfamiliar with Some Details but Generally Aware: 48%
       Low Priority – More Focused on Work Tasks and Less on Security: 8%
       Source: CompTIA’s 10th Annual Information Security Trends study. Base: 306 end users experiencing security breaches over past year
    10. Changes on the Technology Landscape Affecting Security
        Rise of social networking: 52%
        Cloud Computing: 51%
        Availability of easy-to-use hacking tools: 49%
        Interconnectivity of devices/systems: 48%
        Sophistication of security threats: 47%
        Growing organization of hackers: 47%
        Volume of security threats: 39%
        Consumerization of IT: 33%
        Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. IT and business executives (aka end users) responsible for security
    11. Review of Cloud Provider Security
        Amount of Review Done by End Users: Heavy, Moderate, Little/None/Don’t Know (the slide shows 40%, 29% and 14%); 17% say it depends on situation
        Areas Reviewed by End Users: Identity and access management; BC/DR plans of cloud provider; Data integrity assurances; Data encryption at rest and in transit; Data and backup retention policies; Regulatory compliance of provider; Credentials held by provider; Geographic location of data centers
        Source: CompTIA’s 11th Annual Information Security Trends study. Base: 435 end users with cloud solutions
    12. Mobile Security Incidents Within Businesses (2013 / 2012)
        Lost/stolen device: 39% / 38%
        Mobile malware: 28% / 19%
        Employees disabling security features: 26% / 19%
        Mobile phishing attack: 24% / 20%
        Violation of policy on corporate data: 23% / 25%
        None of the above: 31% / 34%
        Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 U.S. end users responsible for security
    13. The Growing Threat of Data Loss
        Experiencing Data Loss in the Past Year: Yes (Definitely / Probably), Don’t Know, No
        Types of Data Lost: Data about employees; Intellectual property; Corporate financial data; Customer data; 22% believe data was lost, but are not sure which data
        Other percentages shown on the slide: 55%, 50%, 25%, 28%, 43%, 42%, 19%, 6%
        Source: CompTIA’s 11th Annual Information Security Trends study. Base: 500 end users / 190 end users experiencing data loss
    14. Want to know more? As the voice of the IT industry, CompTIA has hundreds of tools, market intelligence reports and business training programs to help IT organizations grow through education, certification, advocacy and philanthropy. Check it out at www.comptia.org. Want to know about our research on the IT workforce? Visit http://www.comptia.org/research/it-workforce.aspx.
