RSA 2013: Security is not keeping pace with threats

The 2013 RSA Security Trends Survey, produced by F5 Networks, questioned attendees with IT responsibilities for planning, management, oversight, or implementation of security, and primarily looked at perceived threat trends and perceived readiness to counter those threats.

The biggest threat comes from IT’s move to virtualization (73%), closely followed by the increasing complexity of threats (72%). BYOD is seen as the third biggest threat to security (66%), followed by the change in the bad guys’ motivation from hacker to spy (62%; although this might be linked to the increasing complexity of APT-style state-sponsored attacks). Shifts in IT itself, from data center to cloud (61%) and from client-server to web-based applications (60%), provide the fifth and sixth biggest threat sources.

But despite ready acknowledgement of the changing threatscape, these professionals do not believe that their organizations are adequately prepared. Consider BYOD. 75% of the respondents accept that BYOD is prevalent within their organizations and 66% consider it to have a high impact on security. Nevertheless, 35% do not believe that their organizations have adequate security in place to protect against threats associated with BYOD.

Similarly, 64% of respondents are concerned about the shift to web-based applications, but 37% do not believe they have adequate protection. This is even more marked with the move towards a cloud-based infrastructure: 66% believe that this will affect security, while 49% believe their organizations are not providing adequate security to protect against those threats.

The survey also shows that between 40% and 50% of security professionals believe that (unspecified) traditional security defenses are less than adequate in protecting against these threats. Mark Vondemkamp, VP of product management for security at F5, suggests, “Companies will do well to proactively address trends like BYOD and cloud security, but they should also look to raise their game in terms of threat detection and mitigation. With employee behavior, business priorities, and infrastructure demands further expanding traditional threat vectors, the proper tools and procedures are essential in maintaining a healthy level of security.”

What the survey doesn’t make clear, however, is whether the security professionals are insufficiently aware of the new threat detection and mitigation defenses available, or whether the organizations are not providing the budget to acquire them.
