Top-level IT security pros believe there\u2019s a significant, unaddressed gap between enterprise security priorities and the serious threats that keep them awake at night.<\/p>\n
According to the Black Hat USA 2015 attendee survey<\/a>, 73% of enterprise security professionals believe their organization will suffer a major data breach over the next 12 months.<\/p>\n At a time when Gartner says enterprises have never spent more on security \u2013 more than $76 billion in 2015<\/a> \u2013 major breaches, from Target to Anthem and OPM, show no sign of abating.<\/p>\n Where are we going wrong?<\/strong><\/p>\n According to the security pros at Black Hat, it\u2019s all about priorities. Only 27% of security professionals feel capable of addressing a breach \u2013 because they\u2019re too busy dealing with vulnerabilities introduced by internally developed and off-the-shelf software. While these threats are important to 35%, 57% view sophisticated targeted attacks as their biggest concern \u2013 an area that features in the top three spending categories of only 26% of businesses.<\/p>\n Is it time to re-Think Enterprise IT Security? #enterprisesec<\/p>Tweet<\/a><\/blockquote>\n The second greatest concern \u2013 phishing and social engineering \u2013 receive only 22% of the security budget.<\/p>\n In a nutshell<\/strong><\/p>\n The security tasks that consume the greatest amount of time and money in the enterprise aren\u2019t always the ones that are considered the greatest threats. There\u2019s a gap between budgets and the latest threats, and it\u2019s difficult to bridge the divide between spending and current concerns.<\/p>\n It\u2019s not the only gap: Security professionals\u2019 perception of the threat posed by malicious insiders is lower than that of non-IT management. Only 44% of security staff believed that management rated targeted attacks as seriously as they do; that drops to 29% for social engineering. Key threats, it seems, are being overlooked as a gap grows between mainstream concerns and those of security professionals.<\/p>\n When it comes to defense strategies, it\u2019s interesting to note that security professionals are worried about flaws in their own approach \u2013 one-fifth of them cite a \u201clack of security architecture and planning that goes beyond firefighting\u201d as their weakest link. There\u2019s a belief that single-purpose technologies or solutions are leaving way too many chinks in the armor.<\/p>\n Missed opportunities?<\/strong><\/p>\n Despite the gap, it\u2019s interesting to see that 81% of security experts believe non-IT-management \u2018get\u2019 security and the need for it. The belief that they have the support of management is widespread.<\/p>\n Maybe what\u2019s missing is a little more communication and a conversation that frames the threats more clearly. Kaspersky Lab\u2019s long track record in threat intelligence, making some of the highest profile, most relevant threat discoveries means it\u2019s uniquely placed to facilitate this conversation.<\/p>\n Our understanding of the inner workings of some of the world\u2019s most sophisticated attacks \u2013 coupled with our ability to detect and monitor them \u2013 not only gives security professionals the kind of insight they need into the latest, most relevant threats, but provides the strategic insight needed to represent these security risks at board level, aligning them directly with business impacts.<\/p>\n There\u2019s never been a better time for IT security professionals to make their mark on the business. #enterprisesec<\/p>Tweet<\/a><\/blockquote>\n That should help differentiate between the mainstream and the critical in an environment where 91% of business users grossly underestimate threat volumes.1<\/sup><\/a><\/p>\n Bend, don\u2019t break<\/strong><\/p>\n This survey also highlights the need for a little more business understanding of how automating or streamlining time-consuming tasks like application vulnerability management could deliver a more effective overall security strategy aligned with the knowledge and understanding of the security experts.<\/p>\n Kaspersky Lab\u2019s multi-layered platform combines industry-leading security technologies and threat intelligence capabilities with fully integrated systems management features such as vulnerability assessment and patch management. By enabling the automation of critical-yet-time-consuming security functions, Kaspersky Lab helps security professionals dedicate more of their time to addressing current and emerging issues \u2013 like the targeted threats that occupy so much of their minds, but so little of their working day.<\/p>\n Real world security, in real-time<\/strong><\/p>\n It\u2019s obvious that security has got the board\u2019s attention. There\u2019s never been a better time for IT security professionals to make their mark on the business. Wouldn\u2019t it be nice if your security solution not only responded to the needs of the CISO, but aligned with the business too?<\/p>\n Maybe all that\u2019s needed is a little re-thinking. And a lot more communication.<\/p>\n Learn more about Kaspersky Systems Management here.<\/a><\/p>\n