Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mobile Devices Perceived as Security Industry's Weakest Link, Finds '2014 Cyberthreat Defense Report'

February 5, 2014

Annapolis, MD

Inaugural Report Offers New Insight Into the Perceptions and Buying Practices of Information Security Decision Makers and Practitioners in North America and Europe

CyberEdge Group, LLC, a premier research, marketing, and publishing firm serving the security industry’s top vendors and service providers, today announced immediate availability of its inaugural Cyberthreat Defense Report, the first of its type to provide a 360 degree view of organizations’ security threats, response plans, processes, and investments. Surveying more than 750 security decision makers and practitioners, the report found that more than 60 percent had been breached in 2013 with a quarter of all participants citing a lack of employer investment in adequate defenses.

The Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report, which effectively assesses the cyberthreat landscape and describes how threats are used to penetrate computer networks. This report, sponsored by Palo Alto Networks and several other information security vendors, provides deep insights into how IT security professionals perceive cyberthreats and what they’re doing to defend against them.

Key Findings

The 2014 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:

  • Concern for mobile devices. Participants were asked to rate on a scale of 1 to 5, with 5 being highest—their organization’s ability to defend cyberthreats across nine IT domains. Mobile devices (2.77) received the lowest marks, followed by laptops (2.92) and social media applications (2.93). Virtual servers (3.64) and physical servers (3.63) were deemed most secure.
  • The BYOD invasion. By 2016, 77 percent of responding organizations indicate they’ll have bring-your-own-device (BYOD) policies in place. 31 percent have already implemented BYOD policies, 26 percent will follow within 12 months, and another 20 percent will follow within two years.
  • Inadequate security investments. Although 89 percent of respondents’ IT security budgets are rising (48 percent) or holding steady (41 percent), one in four doubts whether their employer has invested adequately in cyberthreat defenses.
  • Improved security or wishful thinking? Although 60 percent of respondents confessed to being affected by a successful cyberattack in 2013, only 40 percent expect to fall victim again in 2014.
  • Next-gen firewalls on the rise. Out of 19 designated network security technologies, next-generation firewalls (29%) are most commonly cited for future acquisition, followed by network behavior analysis (26%) and big data security analytics (24%).
  • Malware and phishing causing headaches. Of eight designated categories of cyberthreats, malware and phishing/spear-phishing are top of mind and pose the greatest threat to responding organizations. Denial-of-service (DoS) attacks are of least concern.
  • Ignorance is bliss. Less than half (48 percent) of responding organizations conduct full- network active vulnerability scans more frequently than once per quarter, while 21 percent only conduct them annually.
  • Dissatisfaction with endpoint defenses. Over half of respondents indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (22 percent) their existing endpoint protection software.
  • Careless employees are to blame. When asked which factors inhibit IT security organizations from adequately defending cyberthreats, “low security awareness among employees” was most commonly cited, just ahead of “lack of budget.”

“For years, Verizon has done a tremendous job assessing the current state of the cyberthreat landscape. But aside from a few vendor-leaning reports, no independent research firm has conducted a formal study to adequately assess the perceptions of IT security practitioners and the security posture of their employer’s networks. That ends today with the launch of our inaugural Cyberthreat Defense Report,” said Steve Piper, CEO of CyberEdge Group, LLC. “As security professionals, it’s not only important to know what threats are coming at us, but what our peers are doing about them. This report provides this level of insight in a purely unbiased way.”

“As the pioneer in delivering next-generation security to address today’s sophisticated cyber threats, we are pleased to sponsor CyberEdge’s inaugural Cyberthreat Defense Report,” says Scott Gainey, vice president of product marketing at Palo Alto Networks. “The findings include concerns about new sophisticated cyberthreats coupled with a clear sentiment that legacy point products are no longer effective. They also underscore that next-generation technology, like the Palo Alto Networks enterprise security platform with ‘closed loop’ protections, can help security professionals better defend their organizations’ networks.”

The 2014 Cyberthreat Defense Report was designed to assess organization’s security posture, gauge perceptions about cyberthreats, and ascertain future plans for improving security and reducing risk. In November 2013, over 750 IT security decision makers and practitioners representing 19 industries across North America and Europe participated in a 27-question online survey. Each participant is employed by a commercial or government entity with a minimum of 500 employees.

This report was sponsored by nine leading information security vendors, including:

  • Platinum sponsor: Palo Alto Networks
  • Gold sponsors: Blue Coat Systems, ForeScout Technologies, NetIQ, Tenable Network Security, and Trend Micro

  • Silver sponsors: Cylance, General Dynamics Fidelis Cybersecurity Solutions, and Webroot

Report Available Now

The 2014 Cyberthreat Defense Report is available now through each of the report’s sponsors and by connecting to the CyberEdge Group website at www.cyber-edge.com/2014-CDR.

About CyberEdge Group

CyberEdge Group is an award-winning research, marketing, and publishing firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland with consultants based across North America and Europe, CyberEdge boasts more than two dozen of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies in North America and Europe are defending their networks against today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until December 31st.
Buy a multi-year license and save more.

Add Support and Training