The benefits of mobile network access are rippling through society and driving explosive growth in mobile devices and cloud services. But counterbalancing gains in productivity, adaptability and convenience are increased security risks and threats, as a new report on cyber threats reveals.
The networks of more than 60 percent of the 750 information security professionals surveyed by CyberEdge Group LLC for its inaugural Cyberthreat Defense Report had been breached in 2013. One-quarter said employer investment in adequate defenses was lacking. When it comes to security, mobile devices are perceived as the weakest link in the network chain.
Sponsored by Palo Alto Networks and other information security vendors, the Cyberthreat Defense Report is intended to complement Verizon’s annual Data Breach Investigations Report.
“For years, Verizon has done a tremendous job assessing the current state of the cyberthreat landscape. But aside from a few vendor-leaning reports, no independent research firm has conducted a formal study to adequately assess the perceptions of IT security practitioners and the security posture of their employer’s networks. That ends today with the launch of our inaugural Cyberthreat Defense Report,” CyberEdge CEO Steve Piper was quoted in a press release.
“As security professionals, it’s not only important to know what threats are coming at us, but what our peers are doing about them. This report provides this level of insight in a purely unbiased way.”
CyberEdge’s report also echoes new market research from Softchoice, which found that employees using cloud services, and more specifically Software-as-a-Service (SaaS) applications, were significantly more irresponsible about password security, file transfer and IT compliance.
Added Palo Alto Networks’ vice president of product marketing Scott Gainey, “The findings include concerns about new sophisticated cyber threats coupled with a clear sentiment that legacy point products are no longer effective.”
Among the Cyberthreat Defense Report’s key takeaways:
- Concern for mobile devices. Participants were asked to rate, on a scale of 1 to 5 with 5 being highest, their organization’s ability to defend against cyber threats across nine IT domains. Mobile devices (2.77) received the lowest marks, followed by laptops (2.92) and social media applications (2.93). Virtual servers (3.64) and physical servers (3.63) were deemed most secure.
- The BYOD invasion. By 2016, 77 percent of responding organizations indicate they’ll have bring-your-own-device (BYOD) policies in place. 31 percent have already implemented BYOD policies, 26 percent will follow within 12 months, and another 20 percent will follow within two years.
- Inadequate security investments. Although 89 percent of respondents’ IT security budgets are rising (48 percent) or holding steady (41 percent), one in four doubts whether their employer has invested adequately in cyberthreat defenses.
- Improved security or wishful thinking? Although 60 percent of respondents confessed to being affected by a successful cyber attack in 2013, only 40 percent expect to fall victim again in 2014.
- Next-gen firewalls on the rise. Out of 19 designated network security technologies, next-generation firewalls (29 percent) are most commonly cited for future acquisition, followed by network behavior analysis (26 percent) and big data security analytics (24 percent).
- Malware and phishing causing headaches. Of eight designated categories of cyber threats, malware and phishing/spear-phishing are top of mind and pose the greatest threat to responding organizations. Denial-of-service (DoS) attacks are of least concern.
- Ignorance is bliss. Fewer than half (48 percent) of responding organizations conduct full-network active vulnerability scans more frequently than once per quarter, while 21 percent conduct them only annually.
- Dissatisfaction with endpoint defenses. Over half of respondents indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (22 percent) their existing endpoint protection software.
- Careless employees are to blame. When asked which factors inhibit IT security organizations from adequately defending against cyber threats, “low security awareness among employees” was most commonly cited, just ahead of “lack of budget.”