The survey of 250 cybersecurity professionals attending the 2016 Black Hat conference found that concerns about major data breaches are increasing. Nearly three-quarters felt a breach at their organization in the next year was likely, up slightly from 2015. Respondents also reported shortages in security staff, budget, and training, making it difficult to address emerging threats like phishing and targeted attacks. The survey highlights how cybersecurity risks are rising as resource constraints grow.
This document provides predictions for security issues in 2016 from Forcepoint Security Labs. It predicts that the 2016 U.S. elections will drive significant cyberattacks themed around the elections, with hackers using social media and websites to spread misinformation. It also predicts that new mobile wallet and payment technologies will introduce opportunities for credit card theft and fraud. Finally, it predicts that the addition of new generic top-level domains will provide new opportunities for cybercriminals to use domain names for social engineering and malware attacks.
Prof m01-2013 global information security workforce study - finalSelectedPresentations
The document summarizes key findings from a survey of over 12,000 information security professionals conducted in 2012. Some of the main findings include:
1) Application vulnerabilities, malware, and mobile devices were the top security concerns. Concern over cloud-based services also increased significantly since the previous survey in 2011.
2) Information security is seen as a stable career path, but workforce shortages persist. Knowledge and certification are important for career success and advancement.
3) While attack remediation is believed to be rapid, preparedness for security incidents showed signs of strain, with twice as many respondents saying preparedness had worsened compared to 2011.
The document provides an executive summary and key findings of the 2013 (ISC)2 Global Information Security Workforce Study, which surveyed over 12,000 information security professionals worldwide. Some of the main points from the summary are:
- The information security profession is large, growing, and dynamic as it must adapt to changing IT environments and evolving threats.
- While the field remains stable, there are shortages of professionals. Knowledge and certification are important for career success.
- Application vulnerabilities are the top security concern, followed by malware and mobile devices.
- While attack response is expected to be rapid, security incident preparedness may be strained.
- Information security professionals are seen as more important than
This document discusses managing insider threats and building a successful audit program. It emphasizes the importance of educating users about insider threats, as employees are often the biggest security risk. It outlines the key components of an insider threat program, including policies, processes, access controls, risk management, and auditing. It also provides tips for tool selection, governance, documentation, and implementation. Throughout, it stresses that insider threats are difficult to detect but can be mitigated through visibility and understanding risky behaviors.
This document summarizes the key findings of Kaspersky Lab's 2014 IT Security Risks Survey. Some of the main points include:
1) Protection of confidential data against targeted attacks was the top priority for 38% of IT managers surveyed, compared to not being a priority in previous years.
2) 94% of companies encountered cybersecurity issues originating outside their networks, up from 91% in 2013. About 12% faced targeted attacks, up from 9% previously.
3) The average cost of a data security incident was estimated at $720,000, while a successful targeted attack could cost over $2.5 million. Losses often included internal data, client data, and financial information.
Most tech and healthcare executives surveyed viewed cyber attacks as a serious threat to their business and data. While over half were moderately confident in their own security, far fewer were confident in their partners' security. In response, 98% of companies are maintaining or increasing cybersecurity resources, focusing more on response than prevention. Over half of companies now offer cybersecurity as part of their products and services. Increased media coverage has heightened awareness of cyber threats for many executives.
In a survey of U.S. technology and healthcare executives nationwide, Silicon Valley Bank found that companies believe cyber attacks are a serious threat to both their data and their business continuity.
Highlights
- 98% are maintaining or increasing resources devoted to cyber security
- 50% are increasing their cyber security resources, preparing for when, not if, cyber attacks occur
- Just 35% are completely or very confident in the security of their company information, and only 16% feel the same about their business partners
The 2014 Report on the State of Data Backup for SMBs reveals key insights around data backup, security and recovery as a result of a survey conducted during the first quarter of 2014 by Carbonite, Inc. Discover the 5 key themes to improve your SMB’s data backup, security and recovery in 2014 and beyond.
This document provides predictions for security issues in 2016 from Forcepoint Security Labs. It predicts that the 2016 U.S. elections will drive significant cyberattacks themed around the elections, with hackers using social media and websites to spread misinformation. It also predicts that new mobile wallet and payment technologies will introduce opportunities for credit card theft and fraud. Finally, it predicts that the addition of new generic top-level domains will provide new opportunities for cybercriminals to use domain names for social engineering and malware attacks.
Prof m01-2013 global information security workforce study - finalSelectedPresentations
The document summarizes key findings from a survey of over 12,000 information security professionals conducted in 2012. Some of the main findings include:
1) Application vulnerabilities, malware, and mobile devices were the top security concerns. Concern over cloud-based services also increased significantly since the previous survey in 2011.
2) Information security is seen as a stable career path, but workforce shortages persist. Knowledge and certification are important for career success and advancement.
3) While attack remediation is believed to be rapid, preparedness for security incidents showed signs of strain, with twice as many respondents saying preparedness had worsened compared to 2011.
The document provides an executive summary and key findings of the 2013 (ISC)2 Global Information Security Workforce Study, which surveyed over 12,000 information security professionals worldwide. Some of the main points from the summary are:
- The information security profession is large, growing, and dynamic as it must adapt to changing IT environments and evolving threats.
- While the field remains stable, there are shortages of professionals. Knowledge and certification are important for career success.
- Application vulnerabilities are the top security concern, followed by malware and mobile devices.
- While attack response is expected to be rapid, security incident preparedness may be strained.
- Information security professionals are seen as more important than
This document discusses managing insider threats and building a successful audit program. It emphasizes the importance of educating users about insider threats, as employees are often the biggest security risk. It outlines the key components of an insider threat program, including policies, processes, access controls, risk management, and auditing. It also provides tips for tool selection, governance, documentation, and implementation. Throughout, it stresses that insider threats are difficult to detect but can be mitigated through visibility and understanding risky behaviors.
This document summarizes the key findings of Kaspersky Lab's 2014 IT Security Risks Survey. Some of the main points include:
1) Protection of confidential data against targeted attacks was the top priority for 38% of IT managers surveyed, compared to not being a priority in previous years.
2) 94% of companies encountered cybersecurity issues originating outside their networks, up from 91% in 2013. About 12% faced targeted attacks, up from 9% previously.
3) The average cost of a data security incident was estimated at $720,000, while a successful targeted attack could cost over $2.5 million. Losses often included internal data, client data, and financial information.
Most tech and healthcare executives surveyed viewed cyber attacks as a serious threat to their business and data. While over half were moderately confident in their own security, far fewer were confident in their partners' security. In response, 98% of companies are maintaining or increasing cybersecurity resources, focusing more on response than prevention. Over half of companies now offer cybersecurity as part of their products and services. Increased media coverage has heightened awareness of cyber threats for many executives.
In a survey of U.S. technology and healthcare executives nationwide, Silicon Valley Bank found that companies believe cyber attacks are a serious threat to both their data and their business continuity.
Highlights
- 98% are maintaining or increasing resources devoted to cyber security
- 50% are increasing their cyber security resources, preparing for when, not if, cyber attacks occur
- Just 35% are completely or very confident in the security of their company information, and only 16% feel the same about their business partners
The 2014 Report on the State of Data Backup for SMBs reveals key insights around data backup, security and recovery as a result of a survey conducted during the first quarter of 2014 by Carbonite, Inc. Discover the 5 key themes to improve your SMB’s data backup, security and recovery in 2014 and beyond.
Digital has increased businesses’ cybersecurity risk – and yet few have elevated security to a senior leadership concern, according to our recent research. Here’s what businesses are thinking about cybersecurity, and a framework for strengthening their security strategies.
The 2014 Report on the State of Data Backup for SMBs reveals key insights around data backup, security and recovery as a result of a survey conducted during the first quarter of 2014 by Carbonite, Inc. Discover the 5 key themes to improve your SMB’s data backup, security and recovery in 2014 and beyond!
The past few years have seen an explosion of cyber attacks, and with the 2015 OPM breaches underscoring the vulnerability of government data, agencies are racing to implement proactive, holistic cybersecurity measures. In order to measure changing federal perceptions and experiences regarding the present threat landscape, Government Business Council (GBC) and Dell conducted an in-depth research survey as a follow-up to a previous June 2014 GBC study.
This document discusses the results of Ernst & Young's 2010 Global Information Security Survey. Some key findings include:
- 60% of respondents perceived an increase in risk due to new technologies like social media, cloud computing, and mobile devices.
- 46% planned to increase spending on information security.
- Increased workforce mobility and data leakage were significant challenges for many organizations.
- Many organizations are taking steps to address mobile security risks through policies, encryption, and identity management controls.
In January-February 2016, the EIU, surveyed 1,100 senior executives on data security practices within their firms. The survey’s primary objective was to analyse the differences, if any, between the C-suite and senior IT executives on data security.
The survey sample was recruited from companies with between $500 million and $10 billion in revenues, and is equally representative of the Americas, Asia-Pacific and European regions. The panel came from 20 industries, with no single industry accounting for more than 14% of the total.
This was a survey of senior executives. The C-suite segment, sometimes referred to herein as senior management or corporate leadership, consisted exclusively of C-suite executives (eg CEOs, CFO, COOs). The security segment, sometimes referred to herein as the security executives, consisted of the CIO and those who identified themselves as Chief Data Officers or Chief Information Security Officers (CISOs).
Each panel was asked an identical set of 20 questions, and the results have been reviewed for insight and commentary by a panel of independent experts.
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
This document discusses how small and midsize businesses are prime targets for cybercriminals for five key reasons:
1. Their data is often more valuable than they realize, whether it be customer information, intellectual property, or access to larger partners' systems.
2. Cyber attacks against SMBs offer low risk and high returns for criminals due to the difficulty in attribution and punishment.
3. SMBs present easier targets as they typically have smaller security budgets and expertise compared to large enterprises.
4. Many SMBs are complacent about cyber threats and do not consider security a high priority.
5. Most SMB security tools are inadequate against sophisticated modern attacks.
Sharing the blame: How companies are collaborating on data security breaches, is an Economist Intelligence Unit research project, sponsored by Akamai Technologies, exploring the ways in which organisations are collaborating to deal with the disclosure of data security breaches. How are they co-operating with governments, other companies and third parties in areas such as requirements for the public disclosure of such breaches? Do they have consistent cyber security policies? To what extent are they sharing best practices?
Índice de software sin licencia en el mundo. Luis Noguera
The document is a report from BSA | The Software Alliance on global software usage trends. Some key findings:
- The rate of unlicensed software installations decreased modestly globally from 43% in 2013 to 39% in 2015.
- Despite awareness of security risks, unlicensed usage remains high in some regions and industries.
- Effective software asset management and employee education are needed to further reduce unlicensed usage and realize cost savings while mitigating security risks.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). The top security risks for the next year were expected to be advanced persistent threats, insider threats, and web-based malware. Current endpoint security approaches were found to be ineffective and costly. IT operating costs were rising mainly due to lost productivity and increased malware incidents.
This document provides a guide to help organizations prepare for and respond to data breaches and incidents. It discusses the growing risk of data breaches and outlines best practices for data lifecycle management. These include implementing an effective Data Incident Plan, understanding how data flows through an organization from collection to destruction, and designating personnel responsible for data protection. The goal is to help organizations enhance security, respond quickly to incidents, and minimize negative impacts to consumers and business operations.
Ponemon Institute Data Breaches and Sensitive Data RiskFiona Lew
This document summarizes the results of a survey of 432 IT and security professionals about data breaches and sensitive data risks. Key findings include:
- The top concerns are not knowing where sensitive data is located and not knowing the data risk. A data breach is also the top security risk.
- Few respondents know the risk level of structured, unstructured, cloud, or big data, and data breach risks are seen as increasing.
- Companies use automated and classification tools to discover sensitive data and assess risk, but what is tracked is uncertain.
- Emerging trends like mobility and the "consumerization of IT" will most influence future security decision-making.
1. How often do you see non-sanctioned cloud services in use?
2. Are we protecting ourselves against insider threats?
3. Do we have a cyber security task force in place?
4. Is our BYOD policy secure?
5. Do you feel limited by your security budget or staff size?
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
This document summarizes findings from 118 security operations maturity assessments of 87 organizations in 18 countries. It finds that the median maturity level remains below the ideal level of 3, and 20% of organizations scored below the minimum level of 1. The top issue facing security operations is the shortage of skilled resources. While organizations are investing in new technologies, many neglect operational budgets and processes, resulting in immature capabilities. Visible breaches have increased focus on security from executive leadership and boards.
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats. This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
The survey of Fortune 1000 security directors identified the top security threats and management issues facing corporate America in 2016. Cyber/communications security relating to internet/intranet security remained the top concern. Workplace violence prevention/response rose to the second highest threat, while active shooter threats and cyber/communications security relating to mobile technology were newly emerged threats in the top five. Regarding management issues, security staff training effectiveness and promoting employee awareness were the greatest concerns.
In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online.
Acceso multiple de division FDMA, TDMA,CDMA Y PDMAfrancisco1707
Este documento describe cuatro métodos de acceso múltiple: FDMA divide el espectro en canales de frecuencia asignados a usuarios; TDMA asigna intervalos de tiempo en cada canal para múltiples usuarios; CDMA usa códigos únicos para identificar señales; y PDMA usa polarizaciones vertical u horizontal en las antenas del satélite y en tierra para permitir el acceso simultáneo desde la misma región.
El documento lista el patrimonio histórico y arquitectónico de varias localidades en Portugal, incluyendo iglesias, capillas, cruces, fuentes, casas señoriales y solares. Describe los objetivos de recopilar y promover el conocimiento del patrimonio local para divulgar la historia de estas regiones.
Launch 3 Telecom sells a black speaker with display from 3Com that does not include a power supply. Customers can purchase the product by phone, email, or online request form. Launch 3 Telecom provides same-day shipping for orders received by 3PM as well as warranty, returns, and repair services. They also offer de-installation, testing, storage, and repair of telecom equipment.
Numerical Study of Strong Free Surface Flow and Breaking WavesYi Liu
This dissertation presents numerical simulations of interfacial flows and free surface turbulence. A numerical tool combining level set, volume of fluid, ghost fluid and immersed boundary methods is developed. Direct numerical simulations are performed of two-dimensional breaking waves and large eddy simulations of wind over steep waves. Wave breaking characteristics, velocity fields, energy dissipation and empirical models are studied. Simulations are also conducted of free surface turbulence under different gravity and surface tension effects. Turbulence statistics, intermittency layers and structures like splats are investigated. Finally, a multi-scale approach is developed to simulate wind-wave interaction with structures, using large eddy simulation at the large scale and the numerical tool at the local scale.
Digital has increased businesses’ cybersecurity risk – and yet few have elevated security to a senior leadership concern, according to our recent research. Here’s what businesses are thinking about cybersecurity, and a framework for strengthening their security strategies.
The 2014 Report on the State of Data Backup for SMBs reveals key insights around data backup, security and recovery as a result of a survey conducted during the first quarter of 2014 by Carbonite, Inc. Discover the 5 key themes to improve your SMB’s data backup, security and recovery in 2014 and beyond!
The past few years have seen an explosion of cyber attacks, and with the 2015 OPM breaches underscoring the vulnerability of government data, agencies are racing to implement proactive, holistic cybersecurity measures. In order to measure changing federal perceptions and experiences regarding the present threat landscape, Government Business Council (GBC) and Dell conducted an in-depth research survey as a follow-up to a previous June 2014 GBC study.
This document discusses the results of Ernst & Young's 2010 Global Information Security Survey. Some key findings include:
- 60% of respondents perceived an increase in risk due to new technologies like social media, cloud computing, and mobile devices.
- 46% planned to increase spending on information security.
- Increased workforce mobility and data leakage were significant challenges for many organizations.
- Many organizations are taking steps to address mobile security risks through policies, encryption, and identity management controls.
In January-February 2016, the EIU, surveyed 1,100 senior executives on data security practices within their firms. The survey’s primary objective was to analyse the differences, if any, between the C-suite and senior IT executives on data security.
The survey sample was recruited from companies with between $500 million and $10 billion in revenues, and is equally representative of the Americas, Asia-Pacific and European regions. The panel came from 20 industries, with no single industry accounting for more than 14% of the total.
This was a survey of senior executives. The C-suite segment, sometimes referred to herein as senior management or corporate leadership, consisted exclusively of C-suite executives (eg CEOs, CFO, COOs). The security segment, sometimes referred to herein as the security executives, consisted of the CIO and those who identified themselves as Chief Data Officers or Chief Information Security Officers (CISOs).
Each panel was asked an identical set of 20 questions, and the results have been reviewed for insight and commentary by a panel of independent experts.
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
This document discusses how small and midsize businesses are prime targets for cybercriminals for five key reasons:
1. Their data is often more valuable than they realize, whether it be customer information, intellectual property, or access to larger partners' systems.
2. Cyber attacks against SMBs offer low risk and high returns for criminals due to the difficulty in attribution and punishment.
3. SMBs present easier targets as they typically have smaller security budgets and expertise compared to large enterprises.
4. Many SMBs are complacent about cyber threats and do not consider security a high priority.
5. Most SMB security tools are inadequate against sophisticated modern attacks.
Sharing the blame: How companies are collaborating on data security breaches, is an Economist Intelligence Unit research project, sponsored by Akamai Technologies, exploring the ways in which organisations are collaborating to deal with the disclosure of data security breaches. How are they co-operating with governments, other companies and third parties in areas such as requirements for the public disclosure of such breaches? Do they have consistent cyber security policies? To what extent are they sharing best practices?
Índice de software sin licencia en el mundo. Luis Noguera
The document is a report from BSA | The Software Alliance on global software usage trends. Some key findings:
- The rate of unlicensed software installations decreased modestly globally from 43% in 2013 to 39% in 2015.
- Despite awareness of security risks, unlicensed usage remains high in some regions and industries.
- Effective software asset management and employee education are needed to further reduce unlicensed usage and realize cost savings while mitigating security risks.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). The top security risks for the next year were expected to be advanced persistent threats, insider threats, and web-based malware. Current endpoint security approaches were found to be ineffective and costly. IT operating costs were rising mainly due to lost productivity and increased malware incidents.
This document provides a guide to help organizations prepare for and respond to data breaches and incidents. It discusses the growing risk of data breaches and outlines best practices for data lifecycle management. These include implementing an effective Data Incident Plan, understanding how data flows through an organization from collection to destruction, and designating personnel responsible for data protection. The goal is to help organizations enhance security, respond quickly to incidents, and minimize negative impacts to consumers and business operations.
Ponemon Institute Data Breaches and Sensitive Data RiskFiona Lew
This document summarizes the results of a survey of 432 IT and security professionals about data breaches and sensitive data risks. Key findings include:
- The top concerns are not knowing where sensitive data is located and not knowing the data risk. A data breach is also the top security risk.
- Few respondents know the risk level of structured, unstructured, cloud, or big data, and data breach risks are seen as increasing.
- Companies use automated and classification tools to discover sensitive data and assess risk, but what is tracked is uncertain.
- Emerging trends like mobility and the "consumerization of IT" will most influence future security decision-making.
1. How often do you see non-sanctioned cloud services in use?
2. Are we protecting ourselves against insider threats?
3. Do we have a cyber security task force in place?
4. Is our BYOD policy secure?
5. Do you feel limited by your security budget or staff size?
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
This document summarizes findings from 118 security operations maturity assessments of 87 organizations in 18 countries. It finds that the median maturity level remains below the ideal level of 3, and 20% of organizations scored below the minimum level of 1. The top issue facing security operations is the shortage of skilled resources. While organizations are investing in new technologies, many neglect operational budgets and processes, resulting in immature capabilities. Visible breaches have increased focus on security from executive leadership and boards.
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats. This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
The survey of Fortune 1000 security directors identified the top security threats and management issues facing corporate America in 2016. Cyber/communications security relating to internet/intranet security remained the top concern. Workplace violence prevention/response rose to the second highest threat, while active shooter threats and cyber/communications security relating to mobile technology were newly emerged threats in the top five. Regarding management issues, security staff training effectiveness and promoting employee awareness were the greatest concerns.
In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online.
Acceso multiple de division FDMA, TDMA,CDMA Y PDMAfrancisco1707
Este documento describe cuatro métodos de acceso múltiple: FDMA divide el espectro en canales de frecuencia asignados a usuarios; TDMA asigna intervalos de tiempo en cada canal para múltiples usuarios; CDMA usa códigos únicos para identificar señales; y PDMA usa polarizaciones vertical u horizontal en las antenas del satélite y en tierra para permitir el acceso simultáneo desde la misma región.
El documento lista el patrimonio histórico y arquitectónico de varias localidades en Portugal, incluyendo iglesias, capillas, cruces, fuentes, casas señoriales y solares. Describe los objetivos de recopilar y promover el conocimiento del patrimonio local para divulgar la historia de estas regiones.
Launch 3 Telecom sells a black speaker with display from 3Com that does not include a power supply. Customers can purchase the product by phone, email, or online request form. Launch 3 Telecom provides same-day shipping for orders received by 3PM as well as warranty, returns, and repair services. They also offer de-installation, testing, storage, and repair of telecom equipment.
Numerical Study of Strong Free Surface Flow and Breaking WavesYi Liu
This dissertation presents numerical simulations of interfacial flows and free surface turbulence. A numerical tool combining level set, volume of fluid, ghost fluid and immersed boundary methods is developed. Direct numerical simulations are performed of two-dimensional breaking waves and large eddy simulations of wind over steep waves. Wave breaking characteristics, velocity fields, energy dissipation and empirical models are studied. Simulations are also conducted of free surface turbulence under different gravity and surface tension effects. Turbulence statistics, intermittency layers and structures like splats are investigated. Finally, a multi-scale approach is developed to simulate wind-wave interaction with structures, using large eddy simulation at the large scale and the numerical tool at the local scale.
DRAFT of NEW White House Cybersecurity Executive Order leakedDavid Sweigert
Posted as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
The latest draft of a cybersecurity executive order to be signed by President Trump has become an unusually precise, report-ordering extravaganza.
Executive orders – even those signed by Trump – tend to be relatively short and quite vague, with general policy goals listed and expected to be interpreted by others.
The new cybersecurity order is none of those. At over 2,200 words it is very long. It is also very precise, listing individuals and giving them specific tasks. Rather than focus on a particular goal – the creation of a new taskforce or the development of a singular report – the order calls for the production of no fewer than 10 reports, six of which will go direct to the President, on a range of aspects of cybersecurity.
(By comparison, even though President Obama put out a very lengthy executive order on cybersecurity, running to 3,000 words, it only asked for three reports to be created.)
To understand how what was originally a restatement of US policy toward cybersecurity with a call for a single report has evolved into an extensive work plan, you need to look at the unusual events of nine days ago.
Trump was expected to sign the cybersecurity order on January 31. To that end, a series of meetings were held at the White House during the day and it was supposed to end with the signing in the Oval Office in the late afternoon. But at the last minute, without explanation, the decision to sign was pulled.
The document discusses strategies for event marketing before, during, and after an industry event. It summarizes research from a survey of 403 technology professionals about their preferences and behaviors related to industry events. Some key findings include: 50% of attendees schedule meetings with vendors before events; 64% are more likely to visit booths with subject matter experts; and 59% would engage post-event with vendors that demonstrated how their technology could help the attendee's business. The document advocates for an integrated marketing approach using events as part of an overall strategy.
This document provides information about the 3Com 3C16702A hub, including how to purchase it from Launch 3 Telecom. Launch 3 Telecom is a telecommunications supplier that offers this 3Com product as well as repair services, installation, and more. Interested customers can purchase the 3C16702A through various payment methods and expect same-day shipping with order tracking.
Análisis y selección de diferentes métodos para eliminar las saponinas en dos...Josemaria Chavez Zeballos
Este documento analiza y compara diferentes métodos para eliminar las saponinas de dos variedades amargas de quinua. El autor encontró que el método combinado, que incluye escarificación mecánica y remojo húmedo, fue el más efectivo al eliminar el 75% de las saponinas. La investigación se llevó a cabo en el Jardín Botánico José Celestino Mutis en Bogotá entre 2007 y 2008.
Los niños realizaron un experimento sobre los cambios de estado sólido a líquido y viceversa. Observando cómo el hielo, helado, gelatina y chocolate pasaban de sólidos a líquidos con el calor y de líquidos a sólidos con el frío, condujeron a la conclusión de que el calor hace que las cosas se pongan blandas mientras que el frío las endurece. Luego experimentaron con una "masa mágica" que se volvía sólida al manipularla con las manos y líquida al dejar de moverla, rel
El documento presenta 6 cuadros con la distribución de frecuencia del uso de las TIC, el aprendizaje significativo y sus dimensiones (conceptual, procedimental y actitudinal) en una institución educativa. Cada cuadro muestra el puntaje mínimo y máximo, la frecuencia y el porcentaje acumulado de 5 niveles (pésimo, malo, regular, bueno y excelente).
La pandemia de COVID-19 ha tenido un impacto significativo en la economía mundial. Muchos países experimentaron fuertes caídas en el PIB y aumentos en el desempleo debido a los cierres generalizados y las restricciones a los viajes. Aunque las vacunas ofrecen esperanza de una recuperación económica en 2021, el panorama a corto plazo sigue siendo incierto dado el resurgimiento de casos en algunas partes del mundo.
Práctica de power point denisse camacho yactayoFree TIC
El documento describe el proyecto One Laptop Per Child (OLPC), incluyendo su hardware, software y precio. El proyecto fue fundado por académicos del MIT para proveer computadoras portátiles a niños. El hardware de las laptops OLPC es pequeño y duradero, y usa software educativo de código abierto. El precio total de las laptops es de $175 dólares.
Es un trabajo con el fin de conocer que es Wearable. Y como ejemplo tomamos "The Cicret Bracelet" que aunque, aun no esta en el mercado a captado la atención de muchos usuarios. Espero esta información que aquí presento les sirva a ustedes también...
Este documento presenta información sobre el IV Gran Encuentro Nacional de Ciencias e Ingeniería Zona Occidente que se llevará a cabo el 2 de octubre de 2008. Incluye definiciones de cultura, historia de la ciencia, y las dos culturas propuestas por C.P. Snow. También presenta proyectos de investigación sobre cultura material en el occidente de México y sobre el ingeniero químico jalisciense Juan Salvador Agraz. Finalmente, discute elementos importantes para la innovación como el tiempo, la estructura organizacional
Este documento discute la autoestima y sus diferentes aspectos. Define la autoestima como la capacidad de amarse a uno mismo y confiar en las propias capacidades. Explica que la autoestima se ve influenciada por factores como las experiencias familiares y la comparación con los demás. También destaca que tener una autoestima saludable es importante para establecer relaciones positivas y evitar problemas psicológicos.
Este documento celebra los 70 años de una familia. Comienza con la historia de los padres y la hermana de la persona, y cómo de esa unión nacieron tres hijos. Luego llegaron los nietos para disfrutar del milagro de la vida. Se desea un feliz cumpleaños y se reconoce la fortuna de compartir cada día juntos.
Este documento presenta un resumen de los valores éticos y morales. Enumera los valores como el amor, respeto, honestidad, responsabilidad, lealtad y tolerancia. Explica que los valores éticos regulan la conducta y se adquieren a lo largo del desarrollo individual, mientras que los valores morales son transmitidos por la sociedad y guían las interacciones entre las personas.
Slideshare es un servicio que permite a los usuarios subir, ver y compartir presentaciones de PowerPoint u otros archivos de oficina de forma gratuita. Los usuarios pueden cargar archivos hasta 20MB, los cuales son convertidos a formato Flash para poder ser vistos en línea. Slideshare también permite compartir estas presentaciones a través de correo electrónico o insertarlas directamente en páginas web usando código embedido.
CynergisTek’s Survey Data Reveals Leading Cybersecurity Concerns for Healthcare Organization Executives.
Client-Conference Data Unveils That Risks Associated with Internet of Things, Medical Devices, Third-Party Vendors, and Program Management are Top of Mind for Security Executives, Yet Action is Lagging
2016 Scalar Security Study Executive Summarypatmisasi
Executive Summary of the 2016 Scalar Security Study. The study examines the cyber security readiness of Canadian organizations and the trends in dealing with growing cyber threats.
We surveyed 650+ IT and IT security practitioners in Canada , and found that organizations are experiencing an average of 40 cyber attacks per year and only 37% of organizations believe they are winning the cyber security war. We looked at average spend, cost of attacks, and technologies that are yielding the highest ROI. We also provide recommendations on how you can benchmark your own security posture and what you can do to improve.
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
Executive Summary of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016/
IT security threats for next year will be introducing new players while bringing back some old ones (with a few new twists). The 2015 threat landscape — It's complicated.
The top 5 IT security threats for 2015 include more insider breaches, more crime as a service, and more reputation sabotage.
In ways yet to be seen, cybersecurity has already affected the “agency of the future.” Today, the world is interconnected like never before. As a nation, we must work collaboratively to ensure that cyber defense strategies are robust and effective to secure our way of life.
President Obama said during remarks at the White House, “the cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.”
Throughout his tenure, President Obama has directed agencies to conduct a thorough analysis of the Federal Government’s efforts to protect data, information, communication and critical infrastructure. Often, we forget that every day Americans rely on cyber defense for our economic viability and security.
Cyber includes much more than just our personal identity and social security numbers. Every day, cyber defense is used to protect:
Broadband networks
Information networks that power business, hospitals and schools
Critical infrastructure
Classified government intelligence and documents
http://www.govloop.com/profiles/blogs/the-govloop-guide-winning-the-cybersecurity-battle
We are living in a world where cyber security is a top priority for .pdfgalagirishp
We are living in a world where cyber security is a top priority for all governments and
businesses. In fact, last week the United States announced cyber security as its biggest. James
Clapper, the Director of National Intelligence, says that “the world is applying digital
technologies faster than our ability to understand the security implications and mitigate potential
risks.” Hackers are able to get ahead of governments because they are applying technology faster
than many can understand it.
(http://ca.reuters.com/article/technologyNews/idCABRE92B0LS20130312)
These attackers are persistent, and it is important to be aware of the methods used by hackers as
it is an important step towards defending sensitive company data.
When a hacker strikes, the cost to a company could potentially be millions of dollars. Not only
will it affect the bottom line, but hard-earned reputations can be compromised or destroyed.
It is important to recognize the differences between the different kinds of cyber threats: external
and internal. An external, or outsider threat is much trickier to pinpoint. It can be “from someone
that does not have authorized access to the data and has no formal relationship to the company.”
They could be from someone who is actively targeting the company, or accidentally from
someone who found a lost mobile device.
Internal threats are likely to come from an authorized individual that has easy access to sensitive
corporate data as part of their day-to-day duties. This could be anyone working within the
company or acting as a third party representative. The Global Knowledge Blog states that
insiders have a much greater advantage because they have means, motive, and opportunity,
whereas outsiders most often only have a motive.
(http://globalknowledgeblog.com/technology/security/hacking-cybercrime/insider-vs-outsider-
threats/)
When focusing on internal threats, we have made a digital security check list:
Implement an Intrusion Detection System (IDS). These systems act like security cameras
watching a network. They react to suspicious activity by logging off suspect users, or in some
cases, they might reprogram firewalls to snag a possible intrusion.
Implement a log management platform that will centralize all the logs and correlate to find
threats and alert on them.
Stay proactive with Identity Management systems that will monitor high risk or suspicious user
activity by detecting and correcting situations that are out of compliance or present a security
risk.
Be aware of who has keys and access codes to vulnerable information. Monitor the activity
when these spaces are accessed, authorized, or not.
Create safety policies for when employees with these security privileges leave the company or
are terminated. This will reduce the risk of theft due to careless behaviour, or break-ins from
disgruntled employees.
Get employees involved with the security procedures of the company. As a team, you can work
to strengthen your digital security pr.
This document summarizes the key findings of the 2006 CSI/FBI Computer Crime and Security Survey. The survey polled over 600 security professionals and found that:
1) Virus attacks and unauthorized access continued to be the largest sources of financial loss. Financial losses from laptop theft and stolen proprietary information were also significant.
2) Unauthorized computer use slightly decreased while reported computer security incidents to law enforcement increased after previous years of decline.
3) Most organizations evaluate security investments using metrics like return on investment, but many respondents said economic and risk management issues were most critical.
4) Over 80% of organizations conduct security audits but respondents felt more investment was still needed in security awareness training.
5)
The document summarizes the findings of a survey on millennials' career interests, preparedness, and online attitudes and behaviors. Key findings include:
- Millennials are interested in cybersecurity careers but lack knowledge of related job responsibilities and skills.
- Many had limited computer education and guidance in high school to prepare them for cyber careers.
- Millennials express online safety concerns but engage in risky digital behaviors like using public WiFi without passwords.
- To attract millennials to cybersecurity, more education is needed on career paths and skills required for related jobs.
You know the bad guys are up to no good, but did you know the greatest threat to your organization comes from the inside? View this presentation and learn answers to your most pressing questions:
- Do critical gaps exist in your cyberthreat defense posture?
- How does your security spend compare to other organizations?
- What can you do to minimize risk against the internal and external threat?
- Is your business critical data protected from cybercriminals?
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportFERMA
This document summarizes the key findings of a survey on cyber risk conducted by Harvard Business Review Analytic Services and sponsored by Zurich Insurance Group. Some of the main points:
- More than 3/4 of respondents said information security and privacy have become more significant concerns in the past 3 years.
- The top concerns were malware/viruses, administrative errors, data provider incidents, and malicious employee activity.
- Legal liability from data breaches was also a major concern, with costs of litigation and regulatory fines among the top worries.
- While many companies have improved security practices like IT updates and employee training, over 20% said their security budgets were inadequate and awareness has yet to penetrate all levels
Sans survey - maturing - specializing-incident-response-capabilities-needed-p...CMR WORLD TECH
- Many IR professionals feel their organizations' IR capabilities are ineffective due to lack of time and budget.
- Incidents are common, with most organizations experiencing 1-25 incidents in the past two years, most commonly malware infections.
- Survey respondents represented a variety of organization sizes, industries, and IR roles to provide a broad perspective on challenges facing IR teams.
1) Three trends were identified in cybersecurity for 2016: cybersecurity going mainstream; social media hacking escalating; and 2016 being a year of security training and certifications.
2) As technology evolves, cybersecurity will continue to grow mainstream. However, social media hacking poses a continued threat as hackers try new tactics to outsmart security professionals.
3) In response, security training and certification opportunities are increasing to broaden knowledge and help reduce attacks, though training and awareness efforts must continue going forward.
the-ciso-report for 2024 predictions by SPLUNKSaifAlwan2
The document summarizes the key findings of a report on emerging trends and strategies for cybersecurity leaders. It finds that:
1. While many CISOs believe AI gives an advantage to attackers, some are already experimenting with AI for cyber defense purposes like malware analysis and risk scoring.
2. There is still some misalignment between what CISOs and their boards prioritize, with boards focusing more on compliance and CISOs dealing with delays and inability to support initiatives due to lack of funding.
3. CISOs are increasingly becoming members of the C-suite, with 47% now reporting directly to the CEO, and boards are more actively engaging on security issues.
The document discusses the findings of a global survey on IT security risks conducted by Kaspersky Lab. Some key findings include:
- IT security is the top concern for businesses and almost half see cyber threats as a top emerging risk.
- The most common external threat experienced by companies is malware.
- Companies are cautious of new technologies like cloud computing and mobile devices.
- Most companies take measures like anti-malware protection but many feel more investment is needed in IT security.
- The document discusses the impacts of COVID-19 on insurance fraud detection. It summarizes the results of a survey of insurance professionals on how the pandemic has affected fraud trends and insurance companies' fraud-fighting efforts.
- Key findings include that over 60% of respondents saw an increased fraud workload due to COVID-19, and the top reported pandemic fraud schemes were staged accidents, procedure billing fraud, and fake home accidents. Nearly two-thirds of insurers increased their focus on digitalization in response.
- Ongoing challenges for insurers in combating fraud effectively include issues with internal data quality, access to external data, and keeping up with changing fraud schemes. Most recognize the benefits of automated fraud detection tools but
With malware attacks growing more sophisticated, swift, and dangerous by the day — and billions of dollars spent to combat them — surprisingly few organizations have a grip on the problem. Only 20 percent of security professionals surveyed by Information Security Media Group (ISMG) rated their incident response program “very effective.” Nearly two-thirds struggle to detect APTs, limiting their ability to defend today’s most pernicious threats. In addition, more than 60 percent struggle with the speed of detection, and more than 40 percent struggle with the accuracy of detection. Those shortcomings give attackers more time to steal data and embed their malware deeper into targeted systems. For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
1. Previous Next
Previous Next
DownloadDownload
SubscribeSubscribe
Previous Next
Previous Next
www.blackhat.com
July 2016
The Rising Tide of
Cybersecurity Concern
In our second annual survey of top
security professionals, Black Hat finds
that the expectation of major breaches
is even higher than last year.
2016 Black Hat Attendee Survey
2. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
SUMMARY
In 2015, we set out to get an insider’s view of the current cybersecurity environment by
speaking to the most knowledgeable information security professionals in the industry. To
achieve that goal, we surveyed one of the most security-savvy audiences in the industry:
those who have attended the annual Black Hat USA conference. Black Hat, a forum that fea-
tures some of the most advanced security research in the world, is a destination for discussion
among top security minds, including leading ethical hackers, IT security management, and
technology developers. The 2015 Black Hat Attendee Survey was the first of its kind, featur-
ing responses from full-time IT security professionals — some two-thirds of whom had been
credentialed as Certified Information Systems Security Professionals (CISSP).
The results of that study were alarming, as nearly three-quarters (72%) of respondents felt it
likely that their organizations would have to deal with a major data breach in the year ahead.
Approximately two-thirds of respondents said they did not have enough staff, budget, or train-
ing to meet those challenges. With so many security experts holding pessimistic attitudes about
the coming year, it seemed as though the cybersecurity problem could not get much worse.
Unfortunately, it has. The 2016 Black Hat Attendee Survey results are in — and as a rule, the
most expert security professionals in the industry are even more concerned this year than they
were last year.
In the 2016 Black Hat Attendee Survey, the percentage of respondents who say they have“no
doubt”that they will need to respond to a major security breach in the next 12 months (15%) is
slightly higher than it was in 2015. The percentage of respondents who say it is“very likely”that
they will face a major breach in the next year (25%) is up one percentage point. (See Figure 1.)
Despite these growing concerns, security departments are still facing an alarming shortage of
resources. When asked if they have enough staff to face the threats they expect to see in the
EXECUTIVE
2016 Black Hat Attendee Survey
July 2016 2www.blackhat.com
ABOUT US
For more than 18 years, Black
Hat has provided attendees
with the very latest in
information security research,
development, and trends.
These high-profile global
events and trainings are driven
by the needs of the security
community, striving to bring
together the best minds in the
industry.
More information is available
at: http://www.blackhat.com.
3. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
coming year, 74% of respondents said no — an
even higher figure than in 2015. Sixty-two percent
said they do not have enough budget to defend
their organizations against coming threats. And
67% say they themselves do not have enough
training to do their jobs — more than who ex-
pressed this concern in 2015.
Of all the problems that security organizations face,
the shortage of skilled staff is the most acute. When
asked the reason why security initiatives fail,“a
shortage of qualified people and skills”was by far
the top response (37%), outpacing a lack of man-
agement support (22%) and a lack of integration
among security products (14%). And the pool of
available security pros continues to shrink: only
11% of security professionals say they are actively
looking to change jobs (down from 12% in 2015),
and only 24% said they are even updating their
resumes (down from 30% in 2015).
But a shortage of resources is not the only problem
that enterprise security organizations face today.
With staffing, budget, and training all in short
supply, security professionals are being forced to
prioritize their activities— but frequently, the
priorities set by the business are not the priorities
considered most important by security professionals.
When we asked security pros what they considered
the most important threats and concerns that they
face today, they overwhelmingly answered with two
emerging threats: social engineering attacks such as
phishing (46%) and sophisticated attacks targeted
directly at their organization (43%). But when we
asked those same security professionals how they
spend their time, their top answers were measuring
risk (35%), managing compliance with industry and
regulatory requirements (32%), and troubleshoot-
ing security vulnerabilities in internally developed
applications (27%). Clearly, there is a gap between
the issues and challenges that security profession-
als consider the most concerning and the issues and
challenges that they spend the most time working on
— and that gap is larger in 2016 than it was in 2015.
In the pages that follow, we offer deeper details on
the survey results and the significant challenges that
security professionals face today — not only in
defending against attacks from outside the organi-
zation, but in finding the time, people, and resources
they need to maintain those defenses.
2016 Black Hat Attendee Survey
July 2016 3www.blackhat.com
4. www.blackhat.com
Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
SYNOPSIS
RESEARCH
Survey Name The 2016 Black Hat Attendee Survey
Survey Date June 2016
Region North America
Number of Respondents 250
Purpose To gauge the attitudes and plans of one of the IT security industry’s most
experienced and highly-trained audiences: attendees of the Black Hat conference.
Methodology In June 2016 Dark Reading and Black Hat conducted a survey of the Black Hat
USA conference attendees. The online survey yielded data from 250 management and staff
security professionals, predominantly at large companies, with 60% working at companies
with 1,000 or more employees.
The greatest possible margin of error for the total respondent base (N=250) is +/- 4.5%. UBM
was responsible for all programming and data analysis. These procedures were carried out in
strict accordance with standard market research practices
2016 Black Hat Attendee Survey
July 2016 4
5. www.blackhat.com
Security professionals fear they are losing the
war against cybercrime — and the intensity
of that fear is growing. In this year’s Black Hat
Attendee Survey, nearly three-quarters of secu-
rity pros (72%) said they think it likely that they
willhavetorespondtoamajordatabreachinthe
next 12 months. Fifteen percent said they have
“no doubt”that a major breach will occur — up
from 13% in 2005. Twenty-five percent said it is
“highly likely”— up from 24% last year.
There is good reason for this concern.
Despite record levels of spending — Gartner
estimates that businesses spent some $75.4
billion on security technology last year —
the incidence of breaches continues to grow.
Risk Based Security’s Data Breach QuickView
Report cited 3,930 incidents in 2015, repre-
senting more than 736 million records — all-
time highs both for incidents and records.
And the annual Ponemon Cost of a Data
Breach report found that the average cost
of a major data breach has jumped past $4
million per incident — a 29% increase
since 2013 and 5% increase over last year.
By almost every measure, the cybersecurity
problem is worse this year than it was the last.
Why are the enterprise defenders losing
ground?Thechiefconcernisalackofresources.
In the 2016 Black Hat Attendee Survey, nearly
three-quarters (74%) of respondents said they
Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
Cybersecurity in Crisis
July 2016 5
How likely do you think it is that your organization
will have to respond to a major security breach
in the next 12 months?
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
I have no doubt that we will have to respond to a major incident in the next 12 months
Don’t know/not sure
It’s highly unlikely
It’s somewhat unlikely
It’s somewhat likely
It’s highly likely
15%
13%
25%
24%
32%
15%
36%
13%
7%
6%
8%
6%
2016 2015
Figure 1
2016 Black Hat Attendee Survey
6. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
feel they do not have enough security staff to
defend their organizations against current
threats — even more than in 2015. Nineteen
percent said they are“completely underwater”
when it comes to staffing. (See Figure 2.)
Funding also continues to be a problem.
Despite record spending by the industry
in 2015, some 63% of security professionals
who responded to the survey in 2016 say their
departments do not have enough budget to
defend their organizations against current
threats. Twenty percent said they are“severely
hampered”by a lack of funding.
Training is also a major resource issue in
security. In our survey, more than two-thirds
of respondents (67%) said they feel they do
not have enough training and skills they need
to perform all of the tasks for which they are
responsible — up from 64% last year. Ten
percent of respondents said they feel “ill-
prepared” for many of the threats and tasks
they face each day.
This shortage of resources is the primary rea-
son why IT security efforts continue to come
up short, according to the Black Hat Attendee
Survey responses. When asked why security
initiatives fail, some 37% of respondents said
a shortage of qualified people and skills is the
culprit— the number one answer. A lack of
commitment and support from top manage-
ment was the second-most frequently cited
response with 22%. (See Figure 3.)
While security teams are struggling with a
lack of resources, the attackers continue to
improve their game. In our survey, security
professionals ranked social engineering as their
most frequently cited concern (46%). Sophis-
ticated and targeted attacks were the second
most cited concern (43%). The growing use of
ransomware by attackers was cited as the most
serious new threat to emerge in the past 12
months (37%), while social engineering attacks
on specific individuals was rated the number
two emerging threat (20%). (See Figure 4.)
Figure 2
July 2016 6
Does your organization have enough security staff
to defend itself against current threats?
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Yes
What staff
No, we are completely underwater
No, we could use a little help
26%
27%
55%
51%
15%
4%
17%
5%
2016 2015
www.blackhat.com
7. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 7
But external attackers aren’t the only thing
that keeps security professionals awake at
night. When asked to identify the weakest link
in the IT security chain, 28% of security pros
cited end users who violate security policy,
making this the top response in our survey.
Seventeen percent cited“a lack of comprehen-
sive security architecture and planning that
goes beyond firefighting”— a clear indication
that many security pros find themselves react-
ing to emergencies, unable to find the time
they need to comprehensively evaluate their
overall defense strategies. (See Figure 5.)
The Incredible Shrinking Skills Market
Of all the problems and challenges cited in the
2016BlackHatAttendeeSurvey,theshortageof
security skills is the most critical.While budgets
and training continue to be major issues, 74%
of respondents said they do not have enough
people to manage the threats they face today.
These results are supported by Frost & Sullivan
in the latest ISC2 Global Information Security
Workforce Study, which predicts that there will
be a worldwide shortfall of over 1.5 million
information security professionals by 2019.
The security skills shortage is the primary
reason why security initiatives fail, according
to survey respondents, and this answer pres-
ents some major challenges for the indus-
try in years to come. Clearly, there is a critical
need to identify and quickly train a whole new
wave of security professionals. Experts say that
colleges and universities must help in this ef-
fort, and that professional associations and
certification training initiatives will have to be
ramped up significantly in coming years.
But even if this training could be done
Figure 3
What is the primary reason current enterprise
IT security strategies and technologies fail?
Base: 250 respondents in 2016; not asked in 2015
Data: UBM survey of security professionals, June 2016
A shortage of qualified people
and skills
There are too many vulnerabilities
in the rapidly-evolving enterprise
IT environment
The inability of security technology to
keep up with attackers’ new exploits
A lack of integration in security
architecture; too many
single-purpose solutions
A lack of commitment and support
from top management
A shortage of budget
Other
37%
22%
14%
9%
6%
6%
6%
www.blackhat.com
8. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 8
immediately, and hundreds of thousands
of new professionals were brought into the
market, it would not solve the need for highly
experienced staff. At least for the next sev-
eral years, it is likely that security initiatives
that rely heavily on highly trained and ex-
perienced people will continue to fail, sim-
ply because there are not enough people
who fit these crtria. In the future, then, the
security industry will be forced to re-evaluate
all technologies and practices that require
deep skill sets and look toward automation
and technologies that can be operated with
a minimum of training and experience.
And if you’re trying to hire new security
talent this year, it’s going to be very hard — even
harder than it was last year.Thirty-five percent of
the respondents in the 2016 Black Hat Attendee
Survey indicated that it would be very hard to
convince them to leave their current organiza-
tion— a substantial increase from 25% last year.
Only 11% were actively looking for new work,
slightly fewer than last year (12%). Only 24% of
respondents said they are updating their
resumes and keeping an eye out for job open-
ings — down from 30% in 2015. (See Figure 6.)
Why are most security pros so happy in their
jobs?Someofithastodowithknowingwhere
they’re going. When asked “Do you have a
clear upward career growth path in your
current place of employment,” 44% of re-
spondents said “Yes, I know the next step or
level I can get to and I am working toward it
now”— a hefty jump from 38% last year. An-
other 31% say they at least have some ideas
about their options and they’re “pretty sure
I’ll be here a while.”(See Figure 7.)
With so many companies clamoring to hire
What is the most serious new cyberthreat
to emerge in the past 12 months?
Base: 250 respondents in 2016; not asked in 2015
Data: UBM survey of security professionals, June 2016
A rapid increase in the use
of ransomware
Espionage and intelligence
gathering by nation-states on
commercial enterprises
The possibility of a major data
leak/dump from a trusted
third party
Sophisticated malware that can
circumvent current defenses
Social engineering attacks targeted directly at
individuals in a specific enterprise
New threats to mobile devices Other
37%
20%
12%
11%
9%
9%
2%
Figure 4
www.blackhat.com
9. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
July 2016 9
more people — and with the pool of available
applicants shrinking — it has become a seller’s
market for the skilled cybersecurity profession-
al. If they had to leave their current position,
95% of survey respondents said they believe
they could find new work either “very quickly”
(61%) or “without too much trouble” (34%).
That’s quite a leap from most other Americans,
who currently take 27.8 weeks, on average, to
find new work, according to the US Bureau of
Labor Statistics.
The Security Priorities Gap
For the second year running, security profession-
als’ top concerns are social engineering (46%)
and sophisticated attacks targeted directly at
their organization (43%). In 2015, 57% of respon-
dentscitedsophisticated,targetedattacksasone
of their three main worries, earning it first place
on the list.This year, that percentage tumbled to
43%, but these targeted attacks only slipped to
second place in the ranks; it’s still one of the most
critical security issues. Social engineering held
fastat46%from2015to2016,andthusrosefrom
second place to first. (See Figure 8.)
These threats may be the things that keep
What is the weakest link in today’s enterprise
IT defenses?
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
End users who violate security policy and are too easily fooled by social engineering attacks
Web-based threats and the failure of SSL and digital certificates
Vulnerabilities in internally-developed software
Vulnerabilities in off-the-shelf software
An overabundance of security information and event data that takes too long to analyze
PC, Mac, and endpoint vulnerabilities
Single-function security tools and products that don’t talk to each other
Signature-based security products that can’t recognize new and zero-day threats
Mobile device vulnerabilities
Cloud services and cloud application vulnerabilities
A lack of comprehensive security architecture and planning that goes beyond “firefighting”
28%
33%
17%
20%
12%
11%
7%
9%
7%
7%
6%
3%
4%
3%
4%
4%
5%
4%
4%
6%
2%
3%
2016 2015
Figure 5
www.blackhat.com
10. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 10
security professionals awake at night— but
they aren’t necessarily the things they spend
the most time and money on during the day.
For the second straight year, the Black Hat At-
tendee Survey revealed some clear differences
between the priorities of the security pro and
the priorities of those who make the sched-
ules, plans, and budgets.
When asked how they spend most of their
time on in an average day, security profession-
als cited measuring security posture and risk
(first place, 35%) and maintaining compliance
(second place, 32%) — both new options in
the 2016 survey — as the top two time-con-
sumers. “Security vulnerabilities created by
my own internal application development
team”— last year’s first-place answer to this
question — took third place (27%). Address-
ing social engineering and sophisticated, tar-
geted attacks only made it to fourth place and
eighth place, respectively. (See Figure 9.)
When asked how they spend most of their
budget, security pros gave much the same re-
port. Compliance took a big chunk out of the
most respondents’ budgets (31%), while risk
measurement finished second (23%). Fixing
the internal dev team’s errors was third (19%).
Social engineering and sophisticated targeted
attacks fared only slightly better at getting
funding than they did getting man-hours,
garnering fourth place (19%) and sixth place
(16%), respectively.
These results are stark in the context of the
other data collected by the 2016 Black Hat
Attendee Survey, which showed a clear short-
age of resources such as human capital and
funding. The data suggest that security profes-
sionals, already underfunded and understaffed,
Do you have plans to seek an IT security position
anytime in the near future?
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Yes, I am actively looking for
employment right now
No definite plans, but I am
always updating my resume
and looking for a better post
I’m not doing any active job
research, but if some other
company called me, I would
listen
I really love my job and my
employer and it would take
a LOT to get me to move
2016 2015 I am an indentured servant
and would be beheaded if
I tried to escape
12%11%
24%
3%
30%
32%
33%
30%
24%
1%
Figure 6
www.blackhat.com
11. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 11
are often unable to devote those limited
resources to their most important priorities.
Interestingly, that dichotomy is not al-
ways driven by a lack of understanding
among upper management. When asked
what they believe are the highest security-
related priorities of their top executives,
Black Hat Attendee Survey respondents
cited both sophisticated, targeted attacks
(33%) and social engineering (24%) as be-
ing among the top three. Compliance (28%)
finished second. This is consistent with last
year’s data, in which security pros also saw
sophisticated, targeted attacks and social
engineering as being high on their manage-
ment’s priority lists as well. (See Figure 10.)
Yet even though they see management as
having many of the same priorities that they
do, many security pros are losing faith that
their non-security colleagues understand the
threat that their organizations face today.
Only 25% of respondents said their non-secu-
rity managers and colleagues understand the
current threat and support security efforts at
their organization; this is down from 31% last
year. An additional 10% said their non-security
colleagues understand the threat“but have to
be dragged into security conversations” (up
from 9% last year). (See Figure 11.)
Exactly what is the threat that security
pros want their colleagues to understand?
By far, the attacker that Black Hat Attendee
Survey respondents fear most is the one who
has inside knowledge of their organization
(36%). Some security pros are more worried
about attackers who have strong backing by
organized crime or nation-states (18%);
others are concerned about attackers who
Figure 7
Do you have a clear, upward career growth path
in your current place of employment?
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Yes, I know the next step or
level I can get to and I am
working toward it now
No,but I have some ideas
about my options and I’m
pretty sure I’ll be here a while
I’m not sure, but I think I’m
doing a good job and I
think my employer will
take care of me
No, I can’t see any clear path
for growth and I’m thinking
about looking for another job
2016 2015
I can’t type because I’m
smashed up against this
glass ceiling
44%
38%
31%
11%
17%
3%
31%
11%
12%
3%
www.blackhat.com
12. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
July 2016 12
have highly sophisticated attack skills (15%). In
general, though, respondents were most con-
cerned about insiders or attackers who know
the most about their organizations.
What will security pros worry most about in
the future? For the second straight year, the
security of non-computer devices and systems
— the Internet of Things — was cited as the
most critical issue that respondents believe
they will worry about two years from now. The
percentage of respondents who gave this re-
sponse dropped significantly — to 28% from
36% a year ago — but IoT remained the most
frequently cited concern on the horizon. This
is a fascinating response because IoT barely
registers as a concern (9%) among current
threats. Clearly, security professionals expect
IoT security to become a crucial issue over the
next two years. (See Figure 12.)
Conclusion
Perhaps the most important conclusion we
can draw from the 2016 Black Hat Attendee
Survey is that the pressures on security pro-
fessionals are not letting up — in fact, they
are intensifying. In nearly every question and
Figure 8
Of the following threats and challenges, which are
of the greatest concern to you?
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Phishing, social network exploits, or other forms of social engineering
Sophisticated attacks targeted directly at the organization
Security vulnerabilities introduced by my own application development team
Data theft or sabotage by malicious insiders in the organization
Espionage or surveillance by foreign governments or competitors
Accidental data leaks by end users who fail to follow security policy
Polymorphic malware that evades signature-based defenses
Ransomware or other forms of extortion perpetrated by outsiders
The effort to accurately measure my organization’s security
posture and/or risk
Attacks or exploits on cloud services, applications,
or storage systems used by my organization
Internal mistakes or external attacks that cause
my organization to lose compliance with industry
or regulatory requirements
Security vulnerabilities introduced through the
purchase of off-the-shelf applications or systems
Surveillance by my own government
Data theft, sabotage, or disclosure by “hacktivists”
or politically-motivated attackers
The effort to keep my organization in compliance
with industry and regulatory security guideline
Attacks or exploits brought into the organization
via mobile devices
Digital attacks on non-computer devices and
systems – the Internet of Things
Attacks on suppliers, contractors, or other partners
that are connected to my organization’s network
46%
46%
16%
11%
14%
13%
N/A
12%
11%
11%
9%
8%
12%
7%
10%
9%
9%
9%
9%
7%
20%
20%
17%
19%
20%
21%
16%
15%
20%
15%
N/A
15%
N/A
13%
57%
43%
2016 2015
www.blackhat.com
13. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
July 2016 13
category, Black Hat attendees indicated that
their environments are more at risk this year
thantheywerelastyear—yettheavailabilityof
resources and skills has actually decreased.
The shortage of people and skills clearly
jumped out as the most important issue
identified in this year’s survey.
To compound the resource shortage, today’s
security pros are also facing an increasing gap
between the priorities they themselves set
for the security department and the priorities
of those who control their time, people, and
budgets. While they might be lying awake
nights worrying about social engineering or
targeted attacks, their days are spent mostly
in more mundane tasks, such as maintaining
compliance or troubleshooting internally de-
veloped applications.
To gain ground on the bad guys, security
teams will have to find new ways to staff and
fund their initiatives — perhaps through ad-
ditional automation and by reducing the re-
quirement for highly developed skills. Security
pros will also need to examine new technolo-
gies and practices that can reduce the need
for staffing and budget, as well as new ways to
make their existing team more cost-efficient.
Figure 9
Which consume the greatest amount of your
time during an average day?
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
The effort to accurately measure my organization’s security posture and/or risk
The effort to keep my organization in compliance with industry and
regulatory security guidelines
Security vulnerabilities introduced by my own application development team
Phishing, social network exploits, or other forms of social engineering
Security vulnerabilities introduced through the purchase of off-the-shelf
applications or systems
Internal mistakes or external attacks that cause my organization to lose
compliance with industry or regulatory requirements
Accidental data leaks by end users who fail to follow security policy
Sophisticated attacks targeted directly at the organization
Attacks or exploits on cloud services, applications,
or storage systems used by my organization
Ransomware or other forms of extortion
perpetrated by outsiders
Attacks or exploits brought into the organization
via mobile devices
Espionage or surveillance by foreign
governments or competitors
Data theft or sabotage by malicious insiders
in the organization
Attacks on suppliers, contractors, or other partners
that are connected to my organization’s network
Data theft, sabotage, or disclosure by “hacktivists”
or politically-motivated attackers
Surveillance by my own government
Polymorphic malware that evades signature-
based defenses
Digital attacks on non-computer devices and
systems – the Internet of Things
N/A
N/A
35%
31%
33%
30%
26%
20%
35%
9%
7%
32%
27%
25%
21%
19%
19%
11%
11%
9%
N/A
8%
7%
8%
7%
6%
7%
8%
6%
4%
3%
3%
14%
6%
6%
2%
2016 2015
www.blackhat.com
14. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 14www.blackhat.com
APPENDIX
Figure 10
Which are of greatest concern to your company’s
top executives or management?
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Sophisticated attacks targeted directly at the organization
The effort to keep my organization in compliance with industry
and regulatory security guidelines
Phishing, social network exploits, or other forms of social engineering
Accidental data leaks by end users who fail to follow security policy
The effort to accurately measure my organization’s security posture and/or risk
Data theft or sabotage by malicious insiders in the organization
Data theft,sabotage,or disclosure by“hacktivists” or politically-motivated attackers
Internal mistakes or external attacks that cause my organization to
lose compliance with industry or regulatory requirements
Espionage or surveillance by foreign governments or competitors
Ransomware or other forms of extortion perpetrated by outsiders
Security vulnerabilities introduced by my own
application development team
Attacks or exploits on cloud services, applications,
or storage systems used by my organization
Polymorphic malware that evades
signature-based defenses
Attacks on suppliers, contractors, or other partners
that are connected to my organization’s network
Security vulnerabilities introduced through the
purchase of off-the-shelf applications or systems
Attacks or exploits brought into the organization
via mobile devices
Digital attacks on non-computer devices and
systems – the Internet of Things
Surveillance by my own government
33%
28%
N/A
N/A
N/A
44% 9%
14%
12%
1%
3%
3%
3%
3%
4%
4%
5%
7%
8%
7%
10%
5%
24%
27%
20%
19%
17%
16%
14%
27%
29%
27%
17%
13%
10%
17%
2016 2015
15. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 15www.blackhat.com
Do non-security professionals in your organization
understand the IT security threat that your
organization faces today?
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Yes, and they are supportive of IT security initiatives
What threats?
There are a few who get it, but most of them are clueless
It’s a mixed bag – some of them are, some of them aren’t
Yes, but they have to be dragged into the security discussion
25%
31%
10%
9%
46%
17%
41%
17%
2%
2%
2016 2015
Figure 11
16. Previous Next
Previous Next
DownloadDownload
RegisterRegister
SubscribeSubscribe
Previous Next
Previous Next
2016 Black Hat Attendee Survey
July 2016 16
Figure 12
www.blackhat.com
Which do you believe will be of greatest concern
two years from now?
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016
Data theft or sabotage by malicious insiders in
the organization
Espionage or surveillance by foreign governments or competitors
Digital attacks on non-computer devices and systems – the Internet of Things Data theft, sabotage, or disclosure by “hacktivists”
or politically-motivated attackers
The effort to accurately measure my organization’s
security posture and/or risk
Accidental data leaks by end users who fail to
follow security policy
Accidental data leaks by end users who fail to
follow security policy
Attacks on suppliers, contractors, or other partners
that are connected to my organization’s network
Internal mistakes or external attacks that cause
my organization to lose compliance with industry
or regulatory requirements
Security vulnerabilities introduced by my own
application development team
The effort to keep my organization in compliance
with industry and regulatory security guidelines
Sophisticated attacks targeted directly at the organization
Phishing, social network exploits, or other forms of social engineering
Attacks or exploits brought into the organization via mobile devices
Attacks or exploits on cloud services, applications, or storage systems
used by my organization
Polymorphic malware that evades signature-based defenses
Surveillance by my own government
Ransomware or other forms of extortion perpetrated by outsiders
24%
24%
20%
19%
18%
16%
16%
26%
33%
22%
22%
24%
22%
15%
13%
9%
15%
N/A
N/A
N/A
10%
28%
36% 13%
9%
7%
10%
7%
13%
7%
8%
7%
7%
6%
7%
12%
2016 2015