Trends in Information Security

Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

Upload: comptia

Post on 17-Jul-2015


Satisfaction with Current Security Level

[Chart by company size: Small (1-99 employees), Medium (100-499 employees), Large (500+ employees). Legend: Completely Satisfactory, Mostly Satisfactory, Adequate/Unsatisfactory. Values in extraction order: 21%, 57%, 22%, 23%, 62%, 15%, 26%, 57%, 17%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Drivers for Changing Security Approach

[Bar chart. Categories in extraction order: Focus on a new industry vertical; Change in management; Change in operations or client base; Internal security breach or incident; Vulnerability discovered by audit; Knowledge gained from training; Reports of security breaches; Change in IT operations. Values in extraction order: 22%, 26%, 26%, 29%, 29%, 34%, 43%, 47%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Complicating Factors for Security

[Bar chart. Categories in extraction order: Consumerization of IT; Challenges with security expertise; Continued use of legacy systems; More reliance on Internet applications; Volume of security threats; Rise of social networking; Greater availability of hacking tools; Sophistication of security threats; Greater tech interconnectivity; Growing organization of hackers. Values in extraction order: 35%, 35%, 38%, 44%, 45%, 45%, 48%, 52%, 52%, 54%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Experiences with Data Loss

Awareness of Data Loss Over Past Year

[Chart. Legend: Definitely, Probably, No/Don't know. Values in extraction order: 29%, 23%, 48%.]

Types of Data Lost

• Employee data
• Financial data
• Intellectual property
• Customer records

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Reviewing Cloud Providers

Typical Areas Reviewed

• Business Continuity
• Data Retention
• Data Encryption
• Credentials
• Data Integrity
• Regulatory Compliance
• Identity and Access Management
• Geographic Locations

Amount of Review Performed

[Chart. Legend: Little/None, Don’t know, Moderate, Heavy. Series: 2013, 2015. Values in extraction order: 14%, 40%, 29%, 17%, 32%, 26%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Incidence of Mobile Security Incidents

[Bar chart. Categories in extraction order: Mobile phishing attack; Violation of policy on corporate data; Mobile malware; Employees disabling security features; Lost device. Series: 2015, 2013. Values in extraction order: 24%, 23%, 28%, 26%, 39%, 24%, 27%, 30%, 31%, 32%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Concern Over Mobile Security Threats

[Bar chart. Categories in extraction order: Shortened URLs; Malvertising; Auto-dial malware; Social media; Theft or loss of corporate devices; USB flash drives; BYOD; Unauthorized apps; Mobile-specific viruses or malware; Open WiFi networks. Series: Large, Medium, Small. Values in extraction order: 24%, 31%, 26%, 33%, 36%, 27%, 30%, 39%, 41%, 48%, 33%, 33%, 41%, 50%, 50%, 40%, 43%, 48%, 48%, 50%, 26%, 30%, 30%, 37%, 40%, 40%, 42%, 43%, 45%, 52%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Balancing Risk and Security

[Chart. Legend: Too Much Risk, Appropriate Balance, Security Too Stringent. Series: 2013, 2015. Values in extraction order: 18%, 66%, 17%, 34%, 58%, 6%.]

Reasons to Accept More Risk

50% Evaluation highlighted unnecessary constraints
45% Desire to use new technology
35% Changing security landscape

Reasons to Mitigate Risk

56% Nature of emerging threats
56% New business model/offering
51% Evaluation highlighted excessive risk

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Dealing with Regulations

Awareness of Regulatory Concerns

[Chart. Legend: Fully aware, Mostly aware, Somewhat aware/Unsure.]

Effort Involved in Compliance

[Chart. Legend: Low, Moderate, High.]

[Values for the two charts above, in extraction order: 50%, 36%, 14%, 8%, 39%, 54%.]

Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users

Human Element a Major Part of Security Risk

Factors in Security Breaches

[Chart. Legend: Human error, Technology error. Values in extraction order: 52%, 48%.]

Top Human Error Sources

42% End user failure to follow policies and procedures
42% General carelessness
31% Failure to get up to speed on new threats
29% Lack of expertise with websites/applications
26% IT staff failure to follow policies and procedures

Source: CompTIA’s Trends in Information Security study | Base: 300 U.S. end users

Criteria Needed for Better Security Training

[Bar chart. Categories in extraction order: More dynamic (e.g. gamification elements, "pop quizzes," etc.); More mobile; More real-world examples / case studies; More engaging / interesting; More user friendly / better interface; Better administrative tools; Better content. Values in extraction order: 27%, 30%, 35%, 36%, 40%, 40%, 53%.]

Source: CompTIA’s Trends in Information Security study | Base: 161 U.S. end users providing security training

Security Offerings from IT Companies

Source: CompTIA’s Trends in Information Security study | Base: 300 U.S. IT firms

[Chart. Legend: Standalone product/service, Embedded in other products/services, Not offered. Values in extraction order: 17%, 56%, 27%.]

Types of Security Offerings

57% Network security
56% BC/DR
51% Data protection
48% Email/Web security
42% Compliance management
42% Risk management
42% Cloud security
38% IAM
37% Intrusion detection
35% Mobile security
33% SIEM

Thank You


REMINDER: The complete 39-page Trends in Information Technology report can be accessed free of charge at CompTIA.org (with simple registration)