2015 Trends: Breach, Budget and Talent Keep Security Staff Up at Night

Keeping up with the latest cyber-threats, including new forms of malware, and gaining insight on which systems are adequately protected from threats all make the list of the top security challenges for 2015 in a new survey. But data breaches loom as the Big Kahuna of worry for most IT professionals.

EiQ Networks’ Security Monitoring survey took a look at the levels of confidence in existing security technologies with indicators on the most pressing priorities and biggest challenges in protecting information systems. When it comes to infrastructure concerns, the headaches appear to be fragmented: Mobility (18%), networks (17%), endpoints (16%), databases (13%), cloud (13%), web applications (14%) and virtualization (7%) were chosen as representing the weak points. But one unifying theme ties these together: concern that these weaknesses will lead to data breaches.

Nearly 90% indicated “concern” or “high concern” for a data breach, but only 15% believe that they are well-prepared for a compromise. And, only about a fifth (21%) said that they’re confident their systems will effectively mitigate risk.

And wherefore this lack of confidence in their existing security technologies? Respondents cited difficulties in obtaining budget and a lack of specialized talent as the two things preventing them from effectively protecting information systems in an increasingly complex threat environment.

About 60% of respondents said they had only a “partial process” for cyber-defense, and, concerningly, 11% reported that no process at all is in place. Only 31% of respondents have a solid game plan in place for cyber-defense.

Meanwhile, a variety of technologies were reported to be in use for overall cybersecurity protections, leading with traditional firewall (81%); antivirus software (66%); IDS/IPS technologies (60%); log management (60%); and SIEM (44%). 

Yet, 67% of IT decision-makers reported that they are only somewhat confident in their technologies to effectively mitigate risk of security incidents, and that they are still seeking alternatives.

In particular, 85% of IT pros indicate they plan to replace their current SIEM solution with managed services solutions. Drivers for the swap-out include cost savings (27%), technology advantage (21%) and performance gains (12%).

“As the volume and complexity of security breaches continues to accelerate, an increasing number of organizations are at risk of losing valuable customer and corporate data, and intellectual property,” said Brian Mehlman, vice president of product management at EiQ Networks, in a statement. “From cost burdens and management headaches, organizations are looking for a cure to SIEM. The good news is that the remedy to this perpetual affliction is through simplified and cost-effective security intelligence solutions that provide organizations with critical visibility across the entire spectrum of enterprise security data.”

The study also found that top drivers on information risk management tend to be clustered in emerging arenas: Mobility (37%), cloud (23%) and big data (19%).

“With the severity of today’s threat environment and impact on all areas of the business, IT pros are looking beyond basic compliance and beginning to focus on security best practices to get out in front,” said Mehlman. “Defining and implementing an effective security program that provides both proactive and reactive security monitoring on a continuous basis and is supported by trained security professionals, who can engage in timely analysis and remediation, is mandatory in protecting businesses against current threats.”

What’s Hot on Infosecurity Magazine?