LONDON--(BUSINESS WIRE)--Security BSides, the community-driven event built for and by information security community members, today announced the results of its Security BSides London Attendees Survey 2017, co-ordinated by Digital Guardian. The survey collected responses from 187 full-time security industry professionals attending the London event, with a view to getting an insider’s outlook on the current cyber security climate.
The most notable highlights of the survey include:
Users and their behaviours are the industry’s biggest challenge
Security
professionals were asked what they believe to be the industry's biggest
challenge. More than a third (36%) suggested issues around user
education and behaviour, while 28% said that skills shortages and
recruitment issues are the biggest challenge.
Nation states are over-hyped and insiders are overlooked
Of
a range of threats often cited in popular security media, security
professionals said that the most over-hyped threats are:
1. North Korea, with 32% of responses
2. NSA/Government bodies,
with 19% of responses
3. Russia, with 17% of responses
Meanwhile, just under half (47%) of respondents said that uneducated users and insiders are the most overlooked threat today.
Resources gap between insider and outsider threats
The
vast majority (92%) of security professionals said that the industry is
deploying more resources in tackling outsider threats, and yet almost
three quarters (71%) said businesses should be more concerned about
insider threats.
Furthermore, when it comes to general security decision-making, only 9% of respondents said that senior management are making good decisions around security strategy and spending.
Asked what elements of security strategy or spending they would change if they were senior management, the top areas for improvement are:
1. Education and awareness, with 65% of responses
2. Budgets, with
32% of responses
3. Make security a greater priority, with 30% of
responses
4. Recruitment of security professionals, with 22% of
responses
Commenting on the results, Thomas Fischer, Director of Security BSides London and Global Security Advocate at Digital Guardian said: “The insider threat, be that from malicious or uneducated users, has been underestimated for years. Businesses are still operating with a mentality that they need to ‘build higher walls’, but the truth is that the real threat to our data is likely already inside – either with or without intent. If you add to that users’ expectations of technology - accessibility anytime, any place, anywhere and from any device – you have a perfect storm for a security mishap.”
He added: “At a time where businesses are facing an unprecedented volume of attacks, it’s concerning to see such a disconnect between those making security spending and strategy decisions, and those implementing them. This is something that the industry must address and it’s what makes events such as Security BSides all the more important in fostering collaboration and discussion between security professionals, regardless of experience or job role.”
About Security BSides London 2017
Launched in mid-2009,
Security B-Sides is a community-driven event built for and by
information security community members. The goal is to expand the
spectrum of information sharing beyond the traditional confines of space
and time. Security B-Sides events are free, community events organised
by local individuals, with the express goal of enabling a platform for
information dissemination.
https://www.securitybsides.org.uk/
About Digital Guardian
Digital Guardian is a next
generation data protection platform designed to stop data theft. The
Digital Guardian platform performs across the corporate network,
traditional endpoints, mobile devices and cloud applications to make it
easier to see and stop all threats to sensitive data. For more than 10
years, it has enabled data-rich organizations to protect their most
valuable assets with an on premise deployment or an outsourced managed
security program (MSP). Digital Guardian’s unique data awareness and
transformative endpoint visibility, combined with behavioral threat
detection and response, enables you to protect data without slowing the
pace of your business.
https://digitalguardian.com/