TRANSCRIPT
Trends in Information Security
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Satisfaction with Current Security Level
[Chart by company size: Small (1-99 employees), Medium (100-499 employees), Large (500+ employees). Response categories: Completely Satisfactory / Mostly Satisfactory / Adequate or Unsatisfactory. Values as extracted, one row per size: 21% 57% 22%; 23% 62% 15%; 26% 57% 17%.]
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Drivers for Changing Security Approach
• 22% Focus on a new industry vertical
• 26% Change in management
• 26% Change in operations or client base
• 29% Internal security breach or incident
• 29% Vulnerability discovered by audit
• 34% Knowledge gained from training
• 43% Reports of security breaches
• 47% Change in IT operations
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Complicating Factors for Security
• 35% Consumerization of IT
• 35% Challenges with security expertise
• 38% Continued use of legacy systems
• 44% More reliance on Internet applications
• 45% Volume of security threats
• 45% Rise of social networking
• 48% Greater availability of hacking tools
• 52% Sophistication of security threats
• 52% Greater tech interconnectivity
• 54% Growing organization of hackers
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Experiences with Data Loss
[Chart: response categories Definitely / Probably / No or Don't know. Values as extracted: 29%, 23%, 48%.]
Types of Data Lost
• Employee data
• Financial data
• Intellectual property
• Customer records
Awareness of Data Loss Over Past Year
[Chart comparing 2013 and 2015. Values as extracted: 14%, 40%, 29%, 17%, 32%, 26%.]
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Reviewing Cloud Providers
Typical Areas Reviewed
• Business Continuity
• Data Retention
• Data Encryption
• Credentials
• Data Integrity
• Regulatory Compliance
• Identity and Access Management
• Geographic Locations
Amount of Review Performed
[Chart: response categories Little/None, Don’t know, Moderate, Heavy; no values recoverable from the extraction.]
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Incidence of Mobile Security Incidents
[Chart comparing 2013 and 2015 for five incident types: Mobile phishing attack; Violation of policy on corporate data; Mobile malware; Employees disabling security features; Lost device. Values as extracted: 24%, 23%, 28%, 26%, 39%, 24%, 27%, 30%, 31%, 32%.]
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Concern Over Mobile Security Threats
[Chart by company size (Large, Medium, Small) for ten threat types: Shortened URLs; Malvertising; Auto-dial malware; Social media; Theft or loss of corporate devices; USB flash drives; BYOD; Unauthorized apps; Mobile-specific viruses or malware; Open WiFi networks. Values as extracted, in three groups of ten: 24%, 31%, 26%, 33%, 36%, 27%, 30%, 39%, 41%, 48%; 33%, 33%, 41%, 50%, 50%, 40%, 43%, 48%, 48%, 50%; 26%, 30%, 30%, 37%, 40%, 40%, 42%, 43%, 45%, 52%.]
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Balancing Risk and Security
[Chart comparing 2013 and 2015; response categories Too Much Risk / Appropriate Balance / Security Too Stringent. Values as extracted: 18%, 66%, 17%; 34%, 58%, 6%.]
Reasons to Accept More Risk
• 50% Evaluation highlighted unnecessary constraints
• 45% Desire to use new technology
• 35% Changing security landscape
Reasons to Mitigate Risk
• 56% Nature of emerging threats
• 56% New business model/offering
• 51% Evaluation highlighted excessive risk
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Dealing with Regulations
Awareness of Regulatory Concerns
[Chart: response categories Fully aware / Mostly aware / Somewhat aware or Unsure.]
Effort Involved in Compliance
[Chart: response categories Low / Moderate / High.]
[Values as extracted for the two charts on this slide: 50%, 36%, 14% and 8%, 39%, 54%.]
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Human Element a Major Part of Security Risk
Factors in Security Breaches
• 52% Human error
• 48% Technology error
Top Human Error Sources
• 42% End user failure to follow policies and procedures
• 42% General carelessness
• 31% Failure to get up to speed on new threats
• 29% Lack of expertise with websites/applications
• 26% IT staff failure to follow policies and procedures
Source: CompTIA’s Trends in Information Security study | Base: 300 U.S. end users
Criteria Needed for Better Security Training
• 27% More dynamic (e.g. gamification elements, "pop quizzes," etc.)
• 30% More mobile
• 35% More real-world examples / case studies
• 36% More engaging / interesting
• 40% More user friendly / better interface
• 40% Better administrative tools
• 53% Better content
Source: CompTIA’s Trends in Information Security study | Base: 161 U.S. end users providing security training
Security Offerings from IT Companies
[Chart: response categories Standalone product/service / Embedded in other products/services / Not offered. Values as extracted: 17%, 56%, 27%.]
Types of Security Offerings
• 57% Network security
• 56% BC/DR
• 51% Data protection
• 48% Email/Web security
• 42% Compliance management
• 42% Risk management
• 42% Cloud security
• 38% IAM
• 37% Intrusion detection
• 35% Mobile security
• 33% SIEM
Source: CompTIA’s Trends in Information Security study | Base: 300 U.S. IT firms