X
Tech

Phishing, sophisticated attacks most troubling to IT security pros

Staffing, training, budget shortfalls impact ability to protect organization.
Written by John Fontana, Contributor

IT security professionals fear phishing and sophisticated attacks the most, but worry that staffing, training and budget shortfalls will hinder their ability to protect their organizations.

Adding to the anxiety, 72% of respondents said they felt it is likely their organizations would face a major data breach in the next 12 months. Fifteen percent said they had "no doubt" they would face a major security breach in the next year.

black-hat-attendee-survey-graphic-2016.png

Those results are part of the findings of the 2016 Black Hat Attendee Survey, which was conducted in June with 250 security professionals. The annual Black Hat USA conference kicks off next week in Las Vegas.

The looming threat that eats at IT is phishing and other social engineering attacks. According to this year's 2015 Verizon Data Breach Investigations Report, 30% of phishing messages were opened by the target recipient, up from 23% just last year. In addition, 12% clicked on the attachment that launched the malicious attachment, up from 11% in 2014.

Those numbers point to another finding in the Black Hat Attendee Survey, 28% of IT security pros said end-users who violate security policy are the weakest part of the corporate security chain. It's a familiar refrain and a reality that today can come with damaging consequences.

On top of these concerns, the survey showed that companies are facing a serious shortage of qualified security pros. In the survey, 74% of respondents said they don't have enough staff to deal with the threats they expect to see in the next 12 months.

And it gets worse. Those same IT security pros says they are not spending enough time on the things that most concern them, but instead are tasked with "measuring risk (35%), managing compliance with industry and regulatory requirements (32%), and troubleshooting security vulnerabilities in internally developed applications (27%)."

The survey indicated the gap between concerns and day-to-day actions is growing, and respondents said they were fearful that they are losing the war against cybercrime.

Editorial standards