
CompTIA 11th Annual Information Security Trends


Organizations are overwhelmingly confident in their readiness to combat security threats, but may not be prepared for dangers linked to new technology models and increasingly sophisticated threats, according to a new study released by CompTIA, the non-profit association for the information technology industry.

Published in: Technology

  1. 1. CompTIA’s 11th Annual Information Security Trends
  2. 2. Most Companies Expect to Maintain High Focus on Security 37% Significantly Higher Priority 28% 44% Moderately Higher Priority 51% 17% No Change Moderately or Significantly Lower Priority 18% 2% 3% 2 Years from Now Forecast Compared to 2 Years Ago Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. IT and business executives (aka end users) responsible for security
  3. 3. Assessing the Cybersecurity Landscape Security Concern Change in Trend Moderate Concern Serious Concern No Change / Less Critical Today Malware (e.g. viruses, worms, trojans, botnets, etc.) 38% 53% 52% 48% Hacking (e.g. DoS attack, APT, etc.) 42% 44% 53% 47% Social engineering/Phishing 45% 37% 62% 38% Data loss/leakage 46% 35% 70% 30% Understanding security risks of emerging areas, i.e. cloud, mobile, social 49% 32% 61% 39% Physical security threats (e.g. theft of a device) 42% 28% 72% 28% Intentional abuse by insiders, i.e. staff, contractors 42% 26% 76% 24% Lack/inadequate enforcement of company security policy 45% 23% 77% 23% Lack of budget/support for investing in security 42% 23% 76% 24% Human error among IT staff 47% 22% 80% 20% Human error among general staff 55% 21% 76% 24% Security Threats More Critical Today Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. end users responsible for security
  4. 4. Security Defenses in Use Data Loss Prevention Large Firms Medium Firms Small Firms 71% 54% 55% 61% Identity and Access Management 43% 39% 51% Formal risk assessment 40% 35% 44% Security Information and Event Management 37% 32% 41% Enterprise Security Intelligence 34% 22% 40% External Vulnerability Assessments 25% 28% Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. end users responsible for security
  5. 5. Human Element a Major Part of Security Risk Factors in Security Breaches Top Human Error Sources Human Error 55% 45% Technology Error 42% End user failure to follow policies and procedures 41% IT staff failure to follow policies and procedures 39% Lack of security expertise with website/applications 38% Lack of security expertise with IT infrastructure Source: CompTIA’s 11th Annual Information Security Trends study Base: 320 end users experiencing security breaches/244 end users with human error issues
  6. 6. Change in Security Approach Over Past Two Years 51% 36% View of Drastic/Moderate Change by Job Function 70% Business Function 13% 69% IT Function 44% Executives Drastic amount of change Moderate No amount of change/small change amount of change Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. IT and business executives (aka end users) responsible for security
  7. 7. Formal Risk Analysis Not a Part of Security Planning for Most Companies Planning to Use Currently Using 33% 41% No plans/Not familiar 26% Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. end users responsible for security
  8. 8. Balancing Risk and Security Reasons to Mitigate Security Risk Reasons to Accept More Security Risk 66% 67% Nature of emerging threats 66% Desire to use new technology 56% Result of security evaluation 63% Changing security landscape 50% New business model/offerings 53% Potential business benefits 18% 17% Too Much Appropriate Security Balance Too Stringent Risk Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. IT and business executives (aka end users) responsible for security
  9. 9. Rating of Workforce Security Mindset 44% 48% 8% Advanced – Understand Policies and Try to Stay Compliant Basic – Unfamiliar with Some Details but Generally Aware Low Priority – More Focused on Work Tasks and Less on Security Source: CompTIA’s 10th Annual Information Security Trends study Base: 306 end users experiencing security breaches over past year
  10. 10. Changes on the Technology Landscape Affecting Security Rise of social networking 52% Cloud Computing 51% Availability of easy-to-use hacking tools 49% Interconnectivity of devices/systems 48% Sophistication of security threats 47% Growing organization of hackers 47% Volume of security threats Consumerization of IT 39% 33% Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. IT and business executives (aka end users) responsible for security
  11. 11. Review of Cloud Provider Security Amount of Review Done by End Users Areas Reviewed by End Users • Identity and access management • BC/DR plans of cloud provider • Data integrity assurances 40% • Data encryption at rest and in transit 29% 14% Little/None/ Moderate Don’t Know • Data and backup retention policies • Regulatory compliance of provider Heavy • Credentials held by provider • Geographic location of data centers 17% say it depends on situation Source: CompTIA’s 11th Annual Information Security Trends study Base: 435 end users with cloud solutions
  12. 12. Mobile Security Incidents Within Businesses Lost/stolen device Mobile malware Employees disabling security features Mobile phishing attack Violation of policy on corporate data None of the above 2013 2012 39% 38% 28% 19% 26% 19% 24% 20% 23% 25% 31% 34% Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 U.S. end users responsible for security
  13. 13. The Growing Threat of Data Loss Experiencing Data Loss in the Past Year Types of Data Lost 55% 50% 25% Data about employees Intellectual property 28% Definitely 43% 42% 19% Corporate financial data Customer data 22% Believe data was lost, but not sure which data Probably 6% Don’t Know No Yes Source: CompTIA’s 11th Annual Information Security Trends study Base: 500 end users/190 end users experiencing data loss
  14. 14. As the voice of the IT industry, CompTIA has hundreds of tools, market intelligence reports and business training programs to help IT organizations grow through education, certification, advocacy and philanthropy. Check it out at www.comptia.org. Want to know about our research on the IT workforce? Visit http://www.comptia.org/research/it-workforce.aspx. comptia.org Want to know more?