IT security continues to be a major issue for businesses. Each year Dark Reading surveys more than 300 cybersecurity professionals and asks them in-depth questions about the strategies they employ to deal with the effects of security breaches, set security policies, and determine security budgets. The resulting findings provide us with an insightful look at multi-year cybersecurity trends.
Three years of Dark Reading’s Strategic Security survey data (2016, 2017, and 2018) reveal that the top three security threats consistently are:
- Cyber criminals
- Threats posed by employees
- Application vulnerabilities
The survey data also show that cybersecurity professionals are increasingly concerned about security threats such as mobile device security vulnerabilities and endpoint security, to name just two.
- 80% believe mobile devices, such as smartphones and tablets, pose a threat to their organization’s security.
- The most significant endpoint security concern is the possibility of users being socially engineered via phishing or other scams – 58% cited this point as the number one concern in 2018, up from 57% in 2017 and 49% in 2016.
Some additional survey highlights include:
- 60% say they are more vulnerable because of increased threat sophistication.
- Malware was responsible for 54% of compromises; phishing accounted for 48%.
- 61% of respondents predict that end users who are negligent or break policy will cause a major data breach in the next 12 months.
The data from the 2018 Strategic Security survey show that organizations are continuing to increase spending on security products and technologies. 40% expect to spend more on information security in 2018 than they did in 2017. Our survey results show that organizations generally see the value in moving to a more risk-focused security posture. Regulatory compliance is a contributing factor to determining security investments, but it’s not the top concern.
While many organizations have embraced a risk-based cybersecurity model and implemented the necessary technologies and processes, many still grapple with cybersecurity challenges such as risk management, assessment, and risk management. Stay tuned for the upcoming 2019 Dark Reading Strategic Security data to see how these trends continue to evolve.
Read a full report that references this research: How Data Breaches Affect the Enterprise.