Fighting a Security War With Yesterday’s Tech
The top external threat to enterprises is cyber-criminals, but security pros with outdated tools face a daunting task of repelling groups looking to cause harm.
$40 billion is spent annually on information security products, most of which goes to legacy security technologies, like firewalls, antivirus and intrusion prevention. Despite this, breaches continue.
Despite the disconnect between spending and what is needed, 58% of respondents are increasing spending to offset threats to data, and 37% are increasing spending on data-at-rest defenses this year.
61% of U.S. federal respondents say they experienced a breach in the past, higher than the U.S. average of 57% and trailing only healthcare, which is 63%.
Although nation-state attacks have been in the news, the top external threat actors identified by respondents are cyber-criminals, at 76%. Nation-state hackers are a distant fourth, at 47%.
U.S. federal respondents are the least likely to increase their spending due to data breaches—42% versus 32%.
48% of respondents would like to implement data security to follow industry best practices.
Compliance standards fail to stop multilevel, multiphasic attacks, and being compliant does not ensure that sensitive data will not be stolen. Yet 57% of U.S. federal respondents view meeting compliance requirements as a very or extremely effective way to protect sensitive data.
51% of respondents say perception of complexity is the No. 1 barrier to more widely adopting data security. But complex deployments require significant staffing. Lack of staff is the second-highest barrier at 44%.
The biggest internal threat actors are privileged users at 64%. Contractors account for 43%.
Despite top concerns being security breaches from a shared infrastructure (70%), 84% of respondents plan to store sensitive data in some form of public cloud within the next 12 months.
56% of respondents plan to store sensitive data in the cloud. 15% regard big data implementations as one of the top three risks for loss of sensitive information.
Securing sensitive data generated by IoT devices is the primary concern of 35% of respondents, followed by loss or theft of these devices at 29%.