According to a recent study, most enterprises are failing to allocate the proper time, budget and staffing resources to address the issues that security professionals consider to be the most serious threats.
The 2015 Black Hat Attendee survey (PDF), which includes responses from 460 management and staff security professionals, found that 57 percent of respondents believe sophisticated, targeted attacks are of utmost concern.
Meanwhile, a mere 26 percent of security professionals cited targeted attacks were among their organization’s top three IT security spending priorities, and only 20 percent of respondents said these threats consumed the greatest amount of their time during an average workday.
Furthermore, phishing and other forms of social engineering attacks are also seen as a top concern for 46 percent of those surveyed; however, respondents claimed their efforts to address these threats are lessened due to lack of time and budget.
“As organizations struggle to find better, more efficient defenses against attack, perhaps the most significant result from the 2015 Black Hat Attendee survey is the disparity between the threats that keep security professionals awake at night and the tasks that keep them occupied during the day,” read the report.
The survey findings revealed that 35 percent of security professionals spend the majority of their time addressing security vulnerabilities introduced by their own application development team, while 33 percent said vulnerabilities introduced through the purchase of off-the-shelf applications or systems consumes most of their day.
Other tedious tasks for security professionals included internal mistakes or external attacks that may cause the organization to lose compliance with industry or regulatory requirements (30 percent), as well as accidental data leaks by end user who failed to follow the security policy (26 percent).
In addition, the survey asked respondents how likely it would be for a particular enterprise to experience a major breach in the coming year.
“Business executives may continue to hope to remain unscathed, but security professionals are facing the hard reality that their organizations probably will be next,” read the report.
Nearly 3 out of 4 Black Hat attendees said it’s likely that they will have to respond to a significant compromise in the coming year – 13 percent said they have “no doubt” about it, 24 percent said it’s “highly likely,” and 36 percent said the event is “somewhat likely.”
As we continue to hear from numerous industry experts, many said “it’s not a matter of if, but when.”