RESTON, Va., Nov. 18, 2014 /PRNewswire/ -- ThreatTrack Security – a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks – today published a study titled "2015 Predictions from the Front Lines" which found that expectations for data security next year are surprisingly optimistic given the harsh reality of 2014, which has been the worst year on record for data breaches. Enterprise security staffers are so confident that 81% of survey respondents said they would "personally guarantee that their company's customer data will be safe in 2015."
Read the executive summary report here: http://www.threattracksecurity.com/getmedia/4db57e54-3a46-4390-bb6a-2343b6804d63/2015-security-predictions-report.aspx
"Now is the time of year when security vendors and analysts make their predictions about what 2015 will bring, but we decided to go directly to the people who are actually in the trenches dealing with the latest cyberattacks and defending their organizations' data on a day-to-day basis," said Julian Waits, Sr., president and CEO of ThreatTrack Security. "What we found is that security professionals are supremely confident that their ability to defend against data breaches and advanced malware threats will improve in 2015. That optimism seems rooted in their growing confidence in the leadership provided by their Chief Information Security Officer (CISO) and the fact that they expect to invest in new cybersecurity solutions, including advanced threat detection technologies and threat intelligence services."
Key findings from the survey include:
- Despite 68% of all respondents feeling their organization is more likely to be the target of a cyberattack next year, 94% are optimistic that their organization's ability to prevent data breaches will improve in 2015.
- The types of threats that organizations are most concerned about in 2015 are Advanced Persistent Threats (APTs) (65%), targeted malware attacks (61%) and spear phishing attacks (42%). Companies fear mobile threats (22%) least.
- Respondents see speed and prioritization as important to fortifying cyber defenses in 2015. When asked what their company needs to do next year to prevent it from becoming the next data breach headline:
- 70% cite investing in advanced cybersecurity defenses for rapid detection of sophisticated malware
- 58% indicated they would invest in technology to help prioritize security threats
- 56% said they would start updating their security policies as recommended by the CISO
- 54% cite investing in threat intelligence services
- 51% said replacing ineffective endpoint security solutions
- 95% of security staffers believe senior management will be more responsive to their team's security recommendations in 2015, suggesting that CISOs are becoming more successful at driving improvements in enterprise cybersecurity.
Over-Alerting is Slowing Cyber Defenders
When asked what the most time-consuming part of their job will be in 2015, the top response given by security staffers was "investigating security alerts to identify threats that pose the greatest risk to the organization." This means that nearly one in four respondents (22%) expects to spend most of their time chasing the cause of threat alerts. Even organizations that have already invested in next-generation defenses still face the hurdle of spending too much time and valuable resources determining which threats pose the greatest risk to their data before they are able to launch an effective response.
"One of the biggest obstacles to cybersecurity is the sheer volume of alerts generated by all of the defenses organizations have deployed. The inability to distinguish high priority, high risk incidents and to recognize when a deliberate, targeted attack is occurring was directly linked to several high-profile breaches in the last year," added Waits. "Detection alone is not enough. In 2015, organizations need to look toward a new breed of cyber defenses that enable them to identify and kill active campaigns sooner – before they've breached sensitive data – and to prioritize incident responses."
CISOs Effectively Lead the Charge for Cybersecurity Investment
ThreatTrack Security's July study on the role of the CISO revealed a lack of confidence in CISOs by their C-Level peers. However, this latest research indicates that within organizations that employ a CISO, security staffers are much more aware of cyber threats, but also much more optimistic about their abilities to stop data breaches.
The study shows that those respondents with a CISO are 25% more aware that their companies may be targeted in 2015 (73% with a CISO vs. 48% without a CISO). Yet these respondents are also 10% more optimistic (96% vs. 86%) that their ability to prevent a data breach will improve in 2015, and 23% are more willing (85% vs. 62%) to personally guarantee that their customers' data will be safe next year.
CISOs also appear to be making inroads with senior management by successfully making the case for new cybersecurity investment. Security professionals at companies that employ a CISO are twice as likely (24% to 12%) to anticipate spending the bulk of their time next year integrating new cyber defenses into existing security infrastructure. Respondents working for organizations with a CISO are also more aware of the need for new cybersecurity solutions, citing advanced cybersecurity defenses for rapid detection of sophisticated malware (74% with a CISO vs. 50% without a CISO), technology to help prioritize security threats (61% with a CISO vs. 41% without a CISO), and threat intelligence services (57% with a CISO vs. 36% without a CISO) as the top investments their companies must make to improve security in 2015.
The independent blind survey of 250 U.S.-based IT security staff, in companies with at least 2,000 employees, was conducted by Opinion Matters on behalf of ThreatTrack Security in October 2014.
Full survey results are available upon request.
About ThreatTrack Security Inc.
ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber defenses deployed by enterprises and government agencies around the world. With more than 300 employees worldwide and backed by Insight Venture Partners and Bessemer Venture Partners, the company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more at www.ThreatTrackSecurity.com.
Copyright © 2014 ThreatTrack Security, Inc. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.
SOURCE ThreatTrack Security