Biggest Concerns and Highest Priorities Among Information Security Professionals

According to recent research, there is currently a significant gap between the priorities and concerns of security professionals and the actual expenditure of security resources within the average enterprise.

Following a survey of nearly 500 top-level security experts conducted by information security specialists Black Hat, it appears that enterprises need to be doing more to ensure they are maximising the use of their security resources.

It has been projected in Gartner Group figures that enterprises will spend more than $71.1 billion on information security in 2015, which is more than ever before. However, the incidence of major data breaches shows no signs of relenting.

As enterprises continue to struggle with online attacks and data leaks, the need to determine what can be done to ease this challenge is becoming more prominent.

The research revealed that most enterprises are not spending their time, budget, and staffing resources on the problems that security professionals consider to be the highest priorities.

This was highlighted by some of the key findings of the research, with 57% of respondents indicating attacks targeted directly at their organisation as their greatest concern, but then only 26% indicating that mitigating these attacks was among the top three security spending priorities in their organisation. To compound this disparity, a worrying 20% admitted targeted attacks were among the top three tasks they spend the most time on day-to-day.

At 46%, the second highest concern was phishing, social network exploits or other forms of social engineering. However, only 22% indicated their organisation spends a large portion of its security budget on these issues, and only 31% indicated that they spend a large amount of their time on social engineering.

One third of respondents revealed that the majority of their time is spent on addressing vulnerabilities introduced by off-the-shelf software, and 35% on addressing vulnerabilities introduced by internally developed software.

Major data breaches are extremely serious and damaging to businesses, yet 73% of respondents feel it is likely that their organisations will have to deal with such an issue in the year ahead. This is largely down to a perception that enterprises have a shortage of resources to handle such attacks.

Only 27% of respondents said they believe their organisation has enough staff to defend itself against current threats. Additionally, a mere 34% said their organisation has enough budget to defend itself against current threats, while 55% indicated that further training in these areas was necessary.

The staggering findings of the research make it clear that the IT security strategies currently in place should be carefully reviewed, and that these strategies may be insufficient for protecting enterprises from their most dangerous threats.