Computer Business Review

Significant gap found between security concerns & IT spend

A new survey has revealed that the majority of organisations are not spending their time, budget, and staffing resources on issues that most security professionals consider to be the greatest threats.

Three quarters (73%) of top security professionals think their organisations will suffer a major data breach over the next 12 months, while only 27% feel they are capable of dealing with it.

57% of security professionals cited sophisticated targeted attacks as their biggest concern, despite only 26% saying that targeted attacks were among their top three spending priorities.

According to the survey, 20% of respondents said preparing for and dealing with such attacks consumes most of their time.

The second greatest concern was phishing, social media exploits and social engineering with 46%.

However, just 22% indicated their organisations invest a large part of their security budget in the area and only 31% said they spend a vast amount of their time on social engineering.

According to the survey, 35% said addressing vulnerabilities introduced in internally developed software consumes most of their time with 33% citing vulnerabilities introduced by off-the-shelf software.

Just one-third (34%) said their organisation has required budget to defend itself against existing threats.

36% of respondents said they have the required skills to do their jobs, while around 55% plan to use some training.

The 2015 Black Hat Attendee survey included about 500 top-level security experts who have attended the annual Black Hat USA conference.

Black Hat said the combination of these responses must serve as a warning to the industry that security defence strategies and resources need to seriously rethink about it.