CompTIA’s 11th Annual Information Security Trends


DESCRIPTION

Organizations are overwhelmingly confident in their readiness to combat security threats, but may not be prepared for dangers linked to new technology models and increasingly sophisticated threats, according to a new study released by CompTIA, the non-profit association for the information technology industry.


Page 1: CompTIA 11th Annual Information Security Trends

CompTIA’s 11th Annual Information Security Trends


Most Companies Expect to Maintain High Focus on Security

Categories: Moderately or Significantly Lower Priority; No Change; Moderately Higher Priority; Significantly Higher Priority
Series: 2 Years from Now Forecast; Compared to 2 Years Ago
Values: 3%, 18%, 51%, 28%, 2%, 17%, 44%, 37%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security


Assessing the Cybersecurity Landscape

| Security Threats | Security Concern: Moderate Concern | Security Concern: Serious Concern | Change in Trend: No Change / Less Critical Today | Change in Trend: More Critical Today |
| --- | --- | --- | --- | --- |
| Malware (e.g. viruses, worms, trojans, botnets, etc.) | 38% | 53% | 52% | 48% |
| Hacking (e.g. DoS attack, APT, etc.) | 42% | 44% | 53% | 47% |
| Social engineering/Phishing | 45% | 37% | 62% | 38% |
| Data loss/leakage | 46% | 35% | 70% | 30% |
| Understanding security risks of emerging areas, i.e. cloud, mobile, social | 49% | 32% | 61% | 39% |
| Physical security threats (e.g. theft of a device) | 42% | 28% | 72% | 28% |
| Intentional abuse by insiders, i.e. staff, contractors | 42% | 26% | 76% | 24% |
| Lack/inadequate enforcement of company security policy | 45% | 23% | 77% | 23% |
| Lack of budget/support for investing in security | 42% | 23% | 76% | 24% |
| Human error among IT staff | 47% | 22% | 80% | 20% |
| Human error among general staff | 55% | 21% | 76% | 24% |

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security


Security Defenses in Use

Categories: External Vulnerability Assessments; Enterprise Security Intelligence; Security Information and Event Management; Formal risk assessment; Identity and Access Management; Data Loss Prevention
Series: Large Firms; Medium Firms; Small Firms
Values: 28%, 22%, 32%, 35%, 39%, 55%, 25%, 34%, 37%, 40%, 43%, 54%, 40%, 41%, 44%, 51%, 61%, 71%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security


Human Element a Major Part of Security Risk

Factors in Security Breaches

Categories: Human Error; Technology Error
Values: 55%, 45%

Top Human Error Sources

42% End user failure to follow policies and procedures
41% IT staff failure to follow policies and procedures
39% Lack of security expertise with website/applications
38% Lack of security expertise with IT infrastructure

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 320 end users experiencing security breaches/244 end users with human error issues


Change in Security Approach Over Past Two Years

Categories: Moderate amount of change; No change/small amount of change; Drastic amount of change
Values: 13%, 51%, 36%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security

View of Drastic/Moderate Change by Job Function

70% Business Function
69% IT Function
44% Executives


Formal Risk Analysis Not a Part of Security Planning for Most Companies

Categories: Currently Using; No plans/Not familiar; Planning to Use
Values: 26%, 33%, 41%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security


Balancing Risk and Security

Categories: Appropriate Balance; Security Too Stringent; Too Much Risk
Values: 18%, 66%, 17%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security

Reasons to Mitigate Security Risk

67% Nature of emerging threats
56% Result of security evaluation
50% New business model/offerings

Reasons to Accept More Security Risk

66% Desire to use new technology
63% Changing security landscape
53% Potential business benefits


Rating of Workforce Security Mindset

Categories: Advanced – Understand Policies and Try to Stay Compliant; Basic – Unfamiliar with Some Details but Generally Aware; Low Priority – More Focused on Work Tasks and Less on Security
Values: 44%, 48%, 8%

Source: CompTIA’s 10th Annual Information Security Trends study
Base: 306 end users experiencing security breaches over past year


Changes on the Technology Landscape Affecting Security

Categories: Consumerization of IT; Volume of security threats; Growing organization of hackers; Sophistication of security threats; Interconnectivity of devices/systems; Availability of easy-to-use hacking tools; Cloud Computing; Rise of social networking
Values: 33%, 39%, 47%, 47%, 48%, 49%, 51%, 52%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security


Review of Cloud Provider Security

Amount of Review Done by End Users

Categories: Little/None/Don’t Know; Heavy; Moderate
Values: 14%, 40%, 29%
17% say it depends on situation

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 435 end users with cloud solutions

Areas Reviewed by End Users

• Identity and access management
• BC/DR plans of cloud provider
• Data integrity assurances
• Data encryption at rest and in transit
• Data and backup retention policies
• Regulatory compliance of provider
• Credentials held by provider
• Geographic location of data centers


Mobile Security Incidents Within Businesses

Categories: None of the above; Violation of policy on corporate data; Mobile phishing attack; Employees disabling security features; Mobile malware; Lost/stolen device
Series: 2013; 2012
Values: 34%, 25%, 20%, 19%, 19%, 38%, 31%, 23%, 24%, 26%, 28%, 39%

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security


The Growing Threat of Data Loss

Experiencing Data Loss in the Past Year

Categories: Don’t Know; Yes; No; Definitely; Probably
Values: 6%, 50%, 25%, 0.19

Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 end users/190 end users experiencing data loss

Types of Data Lost

55% Corporate financial data
43% Data about employees
42% Intellectual property
28% Customer data
22% Believe data was lost, but not sure which data


comptia.org

Want to know more?

As the voice of the IT industry, CompTIA has hundreds of tools, market intelligence reports and business training programs to help IT organizations grow through education, certification, advocacy and philanthropy.

Check it out at www.comptia.org.

Want to know about our research on the IT workforce?

Visit http://www.comptia.org/research/it-workforce.aspx.