Black Hat Attendees Fear a Major Breach But Few are Prepared

Almost three quarters of security pros interviewed by Black Hat USA said they think their organization will suffer a breach in the next 12 months, yet just a quarter (27%) feel they’re able to deal with it.

That’s according to a new survey of 500 past attendees of the globally renowned event, which reveals a worrying lack of technical and human resources to hand for many information security professionals.

The majority of respondents pegged advanced targeted attacks (57%) as the number-one source of concern, yet just 26% said that tackling such an eventuality was among their top three spending priorities.

Second highest on the list of concerns was phishing, social media exploits and social engineering (46%), but again just 21% said they spend large amounts of budget on mitigating these attacks.

The reason for this might lie in the increasing amount of time and money IT security leaders have to spend on addressing vulnerabilities introduced in internally developed software (35%) or third-party products (33%), according to the survey.

Additionally, the research pointed to a severe shortage of IT resources.

Just over a quarter (27%) said they had enough staff to deal with current threats.

Bharat Mistry, cybersecurity consultant for Trend Micro, argued that IT teams should pay more attention to the non-technology side when building defenses against a possible cyber-attack.

“Stress testing and acting out scenarios is the best way of understanding how you would cope under breach or attack conditions,” he told Infosecurity.

“The most important factor is the people and the processes and knowing what to do when and how to communicate and escalate information to the board and external parties. Only when you undertake this type of exercise do you expose the potential ‘holes’.”

User education is also vital to instill safe online behavior and thus reduce risk exposure, he added.

“Having cyber-risk being reported as part of business risk will also drive the appropriate behavior at the board-level,” Mistry concluded.
