[May 23, 2018] |
|
New Trustwave Report Uncovers Key Drivers Steadily Increasing Cybersecurity Pressures
Trustwave today released the 2018
Security Pressures Report based on a global survey of 1,600
full-time IT professionals who are security decision makers or security
influencers within their organization. The fifth-annual report delves
deep into the causalities of pressures in-house security professionals
face as they strive to keep pace with an evolving threat landscape.
Conclusions are based on a year-over-year comparison of 2016 and 2017
data encompassing regional perspectives from Australia, Canada, Japan,
Singapore, United Kingdom (U.K.) and United States (U.S.).
Findings show that a majority of IT and cybersecurity professionals
experienced increased pressures in 2017 when compared to the previous
year, driven largely by a steep rise in sophisticated malware, continued
deficit of high-level security talent and budget constraints. This
report marks the fifth consecutive year pressures have increased year
over year. On the flip side, there were a few bright spots. For
instance, pressure to rush IT projects before they are security ready is
decreasing and incorporation of managed security services to fill
resource and technology gaps has gained traction, signaling a concerted
effort to address pressures through better practices.
Key highlights from the 2018
Security Pressures Report from Trustwave include:
-
Security Pressures Remain High: Overall, 54% of respondents
experienced more security pressures in 2017 when compared to 2016.
U.S. respondents cite the most increased pressure at 61%, followed by
Japan at 55% and Singapore at 54%. Encouraging however is that 54% of
respondents on average are more confident than they were five years
ago in their ability to secure their organization, while only 15% are
less confident.
-
Advanced Threats Tops Operation Concerns: Although slightly
down from 2017, advanced security threats, such as sophisticated
malware and zero-day vulnerabilities, still causes the greatest
concern at the operational level overall at 26% followed by lack of
budget at 17% and lack of skilled security expertise at 16%. Japan
felt the most pressure from advanced threats at 38%, which correlated
with findings that the country is experiencing the highest overall
concern over security talent deficiencies at 27%.
-
Flling for the Bait: Of the most pressure-inducing security
threats and responsibilities facing respondents, phishing attacks were
the decisive riser, increasing from 8% last year to 13%, as
cybercriminals step up social engineering attacks. Preventing malware
(including ransomware), however, remains the top stressor across all
regions, accounting for 22% of respondents followed by identifying
vulnerabilities at 17%. Surprisingly low on the list for a consecutive
year at 11% is detecting malicious activity and compromises. While
anecdotally organizations are shifting away from prevention-focused
security strategies, these findings may indicate a lack of internal
resources necessary to address threat detection at a level that would
increase pressures.
-
Direct Managers Turn Up the Heat: Overall, C-level executives,
board members and business owners are exerting the most pressure on IT
and security teams, accounting for 39% of total respondents, down,
however, from 46% in 2017 and 69% from two years ago. Singapore leads
at 58% and is a full 17 points higher than the United Kingdom, which
places second. Pressure from direct managers has jumped eight points
since 2016, accounting for 27% of total respondents - a positive
development as those most closely connected to given security outcomes
are appropriately exerting the pressure.
-
Slow and Steady Wins the Security Race: The tide is turning
against the practice of rushed deployment of IT projects before
security due diligence is adequately applied. At 42%, down a full
eight points on average across all regions, IT security professionals
felt less pressure to roll out projects before security concerns were
addressed. Australia, Canada and the United States experienced the
largest pressure relief in this category. Canada led overall with 59%
of respondents agreeing they felt no pressure to hurry along projects.
-
GDPR Compliance Causing Concern: The looming prospect of heavy
fines for non-compliance with the Global Data Protection Regulation
(GDPR) for any organization handling personally identifiable
information (PII) of European Union citizens resulted in 26% of
respondents citing the new mandate as the key source of compliance
pressure, just a single point behind Payment Card Industry Data
Security Standard (PCI (News - Alert) DSS). Surprisingly, nearly a quarter of total
respondents are not feeling any compliance pressures, pointing toward
the likelihood of increased security maturity, in which case
compliance challenges are less frequent.
-
Managed Security Services Gaining Traction: Among the fastest
growing responses to increased security pressures is the managed
security model that offers a host of technology solutions and security
expertise on-demand. Thirty-three percent of overall
respondents already partner with a managed security services provider
(MSSP) and 45% plan to in the future, a five-point increase from 2017.
Respondents top three reasons for partnering with an MSSP include:
compensating for in-house skill shortages at 31%; adopting, deploying
and operating hard-to-use security technologies at 30%; and assisting
with security automation at 28%.
"Cybercrime will remain a remarkably lucrative business model for the
foreseeable future and, like legitimate industries, will continue to
evolve through efficiencies, adaptation and innovation," said Chris
Schueler, senior vice president of managed security at Trustwave. "As
this year's report depicts, it's this continuous advancement of the
threat landscape, coupled with internal resource constraints, causing
sleepless nights for those charged with securing assets. But it is
encouraging that findings also suggest organizations are shifting away
from treating security as an afterthought to focus on practices such as
secure code development, frequent security testing, and bolstering
internal capabilities through managed service models to ease pressure."
To download a complimentary copy of the 2018 Security Pressures Report
from Trustwave, visit: https://www2.trustwave.com/2018-Security-Pressures-Report.html.
About Trustwave
Trustwave helps businesses fight cybercrime, protect data and reduce
security risk. With cloud and managed security services, integrated
technologies and a team of security experts, ethical hackers and
researchers, Trustwave enables businesses to transform the way they
manage their information security and compliance programs. More than
three million businesses are enrolled in the Trustwave TrustKeeper®
cloud platform, through which Trustwave delivers automated, efficient
and cost-effective threat, vulnerability and compliance management.
Trustwave is headquartered in Chicago, with customers in 96 countries.
For more information about Trustwave, visit https://www.trustwave.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20180523005085/en/
[ Back To TMCnet.com's Homepage ]
|