The Global State of Information Security Survey of 2014 includes over 9,600 businesses and information security executives across a range of industries to answer questions about the state of privacy, security and strategic business alignment. This year’s survey shows an increase in funding for security, an increase in safeguards and confidence levels rising, but it’s not all good news. Here are some of the key findings.
Confidence of effectiveness in security activities is high, especially among top executives. Eighty-four percent of CEOs are somewhat or very confident. Half of survey respondents consider themselves front-runners in security practices, however, that doesn’t mean they are really ahead in security just that confidence is up. That confidence might be explained by the increased budget going toward security measures; there was a 51% gain over budgets from 2012 in 2013.
Bigger budgets for security are making a difference by increasing safeguards and increasing confidence, but cybercriminals are still outpacing organizations’ efforts. Not only is the cost of data breaches up, but so is the number of detected incidents. BYOD programs are being implemented before proper security measures are in place. With this in mind, the increased confidence in security measures may actually be a threat.
Increased security incidents
In the past 12 months, the number of security incidents detected increased by 25%. That doesn’t necessarily mean that attacks are up, just that more are being detected. But the regular news about data breaches makes it clear that customer and company data continue to be easy targets for hackers. Further, the cost of data breaches is increasing, the average cost is up 18% from 2012.
Who is attacking? Most respondents say that insiders, current or former employees, are the biggest risk.
More safeguards are in place, but they aren’t necessarily the right ones. Respondents stated that the following security safeguards are not in place:
- Behavioral profiling and monitoring (52%)
- Security info and event management (46%)
- Data loss prevention tools (45%)
- Active monitoring/analysis of security intelligence (31%)
Results show that organizations are not properly protecting their high-value data. Mobile security is especially lacking. Securing mobile devices continues to trail behind the actual use of mobile devices, leaving companies open to breach. While over half of those surveyed use cloud computing, most don’t include cloud security in their policies.
Another area respondents proved weak is in collaboration; 28% do not collaborate to find better security practices and tools.
Overcoming the security threats of 2014 is going to take working together to share information and prioritizing protection of the most valuable company assets. A greater investment needs to be made in technology that can monitor and protect those assets. Companies need to use their budgets more wisely to stand up to tomorrow’s threats, to do that will take collaboration both internally with all levels of the security team and with security professionals around the world.