Mobile Devices Perceived as Security Industry's Weakest Link, Finds '2014 Cyberthreat Defense Report'

February 5, 2014

Annapolis, MD

Inaugural Report Offers New Insight Into the Perceptions and Buying Practices of Information Security Decision Makers and Practitioners in North America and Europe

CyberEdge Group, LLC, a premier research, marketing, and publishing firm serving the security industry’s top vendors and service providers, today announced immediate availability of its inaugural Cyberthreat Defense Report, the first of its type to provide a 360-degree view of organizations’ security threats, response plans, processes, and investments. Surveying more than 750 security decision makers and practitioners, the report found that more than 60 percent had been breached in 2013, with a quarter of all participants citing a lack of employer investment in adequate defenses.

The Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report, which effectively assesses the cyberthreat landscape and describes how threats are used to penetrate computer networks. This report, sponsored by Palo Alto Networks and several other information security vendors, provides deep insights into how IT security professionals perceive cyberthreats and what they’re doing to defend against them.

Key Findings

The 2014 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:

  • Concern for mobile devices. Participants were asked to rate, on a scale of 1 to 5 with 5 being highest, their organization’s ability to defend against cyberthreats across nine IT domains. Mobile devices (2.77) received the lowest marks, followed by laptops (2.92) and social media applications (2.93). Virtual servers (3.64) and physical servers (3.63) were deemed most secure.
  • The BYOD invasion. By 2016, 77 percent of responding organizations indicate they’ll have bring-your-own-device (BYOD) policies in place. 31 percent have already implemented BYOD policies, 26 percent will follow within 12 months, and another 20 percent will follow within two years.
  • Inadequate security investments. Although 89 percent of respondents’ IT security budgets are rising (48 percent) or holding steady (41 percent), one in four doubts whether their employer has invested adequately in cyberthreat defenses.
  • Improved security or wishful thinking? Although 60 percent of respondents confessed to being affected by a successful cyberattack in 2013, only 40 percent expect to fall victim again in 2014.
  • Next-gen firewalls on the rise. Out of 19 designated network security technologies, next-generation firewalls (29%) are most commonly cited for future acquisition, followed by network behavior analysis (26%) and big data security analytics (24%).
  • Malware and phishing causing headaches. Of eight designated categories of cyberthreats, malware and phishing/spear-phishing are top of mind and pose the greatest threat to responding organizations. Denial-of-service (DoS) attacks are of least concern.
  • Ignorance is bliss. Less than half (48 percent) of responding organizations conduct full-network active vulnerability scans more frequently than once per quarter, while 21 percent only conduct them annually.
  • Dissatisfaction with endpoint defenses. Over half of respondents indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (22 percent) their existing endpoint protection software.
  • Careless employees are to blame. When asked which factors inhibit IT security organizations from adequately defending against cyberthreats, “low security awareness among employees” was most commonly cited, just ahead of “lack of budget.”

“For years, Verizon has done a tremendous job assessing the current state of the cyberthreat landscape. But aside from a few vendor-leaning reports, no independent research firm has conducted a formal study to adequately assess the perceptions of IT security practitioners and the security posture of their employer’s networks. That ends today with the launch of our inaugural Cyberthreat Defense Report,” said Steve Piper, CEO of CyberEdge Group, LLC. “As security professionals, it’s not only important to know what threats are coming at us, but what our peers are doing about them. This report provides this level of insight in a purely unbiased way.”

“As the pioneer in delivering next-generation security to address today’s sophisticated cyber threats, we are pleased to sponsor CyberEdge’s inaugural Cyberthreat Defense Report,” says Scott Gainey, vice president of product marketing at Palo Alto Networks. “The findings include concerns about new sophisticated cyberthreats coupled with a clear sentiment that legacy point products are no longer effective. They also underscore that next-generation technology, like the Palo Alto Networks enterprise security platform with ‘closed loop’ protections, can help security professionals better defend their organizations’ networks.”

The 2014 Cyberthreat Defense Report was designed to assess organizations’ security posture, gauge perceptions about cyberthreats, and ascertain future plans for improving security and reducing risk. In November 2013, over 750 IT security decision makers and practitioners representing 19 industries across North America and Europe participated in a 27-question online survey. Each participant is employed by a commercial or government entity with a minimum of 500 employees.

This report was sponsored by nine leading information security vendors, including:

  • Platinum sponsor: Palo Alto Networks
  • Gold sponsors: Blue Coat Systems, ForeScout Technologies, NetIQ, Tenable Network Security, and Trend Micro
  • Silver sponsors: Cylance, General Dynamics Fidelis Cybersecurity Solutions, and Webroot

Report Available Now

The 2014 Cyberthreat Defense Report is available now through each of the report’s sponsors and by connecting to the CyberEdge Group website at www.cyber-edge.com/2014-CDR.

About CyberEdge Group

CyberEdge Group is an award-winning research, marketing, and publishing firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland with consultants based across North America and Europe, CyberEdge boasts more than two dozen of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies in North America and Europe are defending their networks against today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.

About Tenable Network Security

Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. Tenable is relied upon by more than 24,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments. For more information, visit tenable.com.

Contact Information:

Nicole Nolte
W2 Communications
nicole.nolte@w2comm.com
(703) 877-8111