Organizations are overwhelmingly confident in their readiness to combat security threats, but may not be prepared for dangers linked to new technology models and increasingly sophisticated threats, according to a new study released by CompTIA, the non-profit association for the information technology industry.
CompTIA’s 11th Annual
Information Security Trends
Most Companies Expect to Maintain High Focus on Security
Categories: Moderately or Significantly Lower Priority; No Change; Moderately Higher Priority; Significantly Higher Priority
Series: 2 Years from Now Forecast; Compared to 2 Years Ago
Values: 3%, 18%, 51%, 28%; 2%, 17%, 44%, 37%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security
Assessing the Cybersecurity Landscape
| Security Threats | Security Concern: Moderate Concern | Security Concern: Serious Concern | Change in Trend: No Change / Less Critical Today | Change in Trend: More Critical Today |
|---|---|---|---|---|
| Malware (e.g. viruses, worms, trojans, botnets, etc.) | 38% | 53% | 52% | 48% |
| Hacking (e.g. DoS attack, APT, etc.) | 42% | 44% | 53% | 47% |
| Social engineering/Phishing | 45% | 37% | 62% | 38% |
| Data loss/leakage | 46% | 35% | 70% | 30% |
| Understanding security risks of emerging areas, i.e. cloud, mobile, social | 49% | 32% | 61% | 39% |
| Physical security threats (e.g. theft of a device) | 42% | 28% | 72% | 28% |
| Intentional abuse by insiders, i.e. staff, contractors | 42% | 26% | 76% | 24% |
| Lack/inadequate enforcement of company security policy | 45% | 23% | 77% | 23% |
| Lack of budget/support for investing in security | 42% | 23% | 76% | 24% |
| Human error among IT staff | 47% | 22% | 80% | 20% |
| Human error among general staff | 55% | 21% | 76% | 24% |
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security
Security Defenses in Use
Categories: External Vulnerability Assessments; Enterprise Security Intelligence; Security Information and Event Management; Formal risk assessment; Identity and Access Management; Data Loss Prevention
Series: Large Firms; Medium Firms; Small Firms
Values: 28%, 22%, 32%, 35%, 39%, 55%; 25%, 34%, 37%, 40%, 43%, 54%; 40%, 41%, 44%, 51%, 61%, 71%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security
Human Element a Major Part of Security Risk
Factors in Security Breaches
Categories: Human Error; Technology Error
Values: 55%, 45%
Top Human Error Sources
42% End user failure to follow policies and procedures
41% IT staff failure to follow policies and procedures
39% Lack of security expertise with website/applications
38% Lack of security expertise with IT infrastructure
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 320 end users experiencing security breaches/244 end users with human error issues
Change in Security Approach Over Past Two Years
Categories: Moderate amount of change; No change/small amount of change; Drastic amount of change
Values: 13%, 51%, 36%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security
View of Drastic/Moderate Change by Job Function
70% Business Function
69% IT Function
44% Executives
Formal Risk Analysis Not a Part of Security Planning for Most Companies
Categories: Currently Using; No plans/Not familiar; Planning to Use
Values: 26%, 33%, 41%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security
Balancing Risk and Security
Categories: Appropriate Balance; Security Too Stringent; Too Much Risk
Values: 18%, 66%, 17%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security
Reasons to Mitigate Security Risk
67% Nature of emerging threats
56% Result of security evaluation
50% New business model/offerings
Reasons to Accept More Security Risk
66% Desire to use new technology
63% Changing security landscape
53% Potential business benefits
Rating of Workforce Security Mindset
Categories: Advanced – Understand Policies and Try to Stay Compliant; Basic – Unfamiliar with Some Details but Generally Aware; Low Priority – More Focused on Work Tasks and Less on Security
Values: 44%, 48%, 8%
Source: CompTIA’s 10th Annual Information Security Trends study
Base: 306 end users experiencing security breaches over past year
Changes on the Technology Landscape Affecting Security
Categories: Consumerization of IT; Volume of security threats; Growing organization of hackers; Sophistication of security threats; Interconnectivity of devices/systems; Availability of easy-to-use hacking tools; Cloud Computing; Rise of social networking
Values: 33%, 39%, 47%, 47%, 48%, 49%, 51%, 52%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. IT and business executives (aka end users) responsible for security
Review of Cloud Provider Security
Amount of Review Done by End Users
Categories: Little/None/Don’t Know; Heavy; Moderate
Values: 14%, 40%, 29%
17% say it depends on situation
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 435 end users with cloud solutions
Areas Reviewed by End Users
• Identity and access management
• BC/DR plans of cloud provider
• Data integrity assurances
• Data encryption at rest and in transit
• Data and backup retention policies
• Regulatory compliance of provider
• Credentials held by provider
• Geographic location of data centers
Mobile Security Incidents Within Businesses
Categories: None of the above; Violation of policy on corporate data; Mobile phishing attack; Employees disabling security features; Mobile malware; Lost/stolen device
Series: 2013; 2012
Values: 34%, 25%, 20%, 19%, 19%, 38%; 31%, 23%, 24%, 26%, 28%, 39%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 U.S. end users responsible for security
The Growing Threat of Data Loss
Experiencing Data Loss in the Past Year
Categories: Don’t Know; Yes; No; Definitely; Probably
Values: 6%, 50%, 25%, 19%
Source: CompTIA’s 11th Annual Information Security Trends study
Base: 500 end users/190 end users experiencing data loss
Types of Data Lost
55% Corporate financial data
43% Data about employees
42% Intellectual property
28% Customer data
22% Believe data was lost, but not sure which data
Want to know more?
As the voice of the IT industry, CompTIA has hundreds of tools, market intelligence reports and business training programs to help IT organizations grow through education, certification, advocacy and philanthropy.
Check it out at www.comptia.org.
Want to know about our research on the IT workforce?
Visit http://www.comptia.org/research/it-workforce.aspx.