Consistent with the findings in last year’s inaugural Cyberthreat Defense Report, the 2015 report finds that while IT security spending is increasing, confidence is falling, with the majority of respondents expecting to be breached in the next 12 months, despite all of their efforts.
In surveying more than 800 security decision makers and practitioners, the report found more than 70 percent of respondents’ networks had been breached in 2014 — up from 62 percent in 2013 — with more than 20 percent breached six times or more. For the first time, a majority of respondents (52 percent) now believe a successful cyber attack is likely in the coming year — up from 39 percent in last year’s report.
In 2014, 71 percent of respondents’ networks were breached with 22 percent of them victimized six or more times. This is an increase from the preceding year, which saw 62 percent of respondents’ networks breached, with 16 percent of them victimized by six or more successful cyber attacks.
A majority (52 percent) of respondents felt that a successful cyber attack against their network was likely in the next 12 months, compared to just 39 percent in 2013.
Of 10 designated categories of cyber threats, phishing/spear-phishing, malware, and zero-day attacks are perceived as posing the greatest risk to responding organizations. Denial of service attacks, watering hole attacks and drive-by downloads are of least concern.
Security spending continues to rise
Survey results indicate that 62 percent of respondents expect their security budgets to increase this year, up from 48 percent last year. Respondents also said that, on average, 6-10 percent of their organizations’ IT budgets are spent on security, with one in five organizations spending 16 percent or more.
For the second straight year, mobile device and application management is the top mobile security solution respondents plan to implement in the next 12 months. This is no surprise, as nearly six in 10 participants saw a rise in mobile device threats in the preceding 12 months.
Security analytics/full-packet capture and analysis is the most commonly cited network security technology planned for future acquisition, followed by threat intelligence services and next-generation firewalls.
67 percent indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (33 percent) their existing endpoint products. This number is markedly up from 56 percent in last year’s survey.
Half of those surveyed rely on continuous monitoring technologies for discovering network assets, achieving policy compliance and mitigating vulnerabilities and security misconfigurations. This is a positive trend for the industry, as only 38 percent of respondents conduct full-network scans more often than quarterly.
“Cyber threats hit an all-time high in 2014, in terms of not only the number of breaches but their impact on all aspects of business. Who would have thought that we would see a time when a simple movie would spur attacks that forced an entire industry to publicly address the way it thinks about privacy, piracy, and geopolitical implications of the product it produces,” said Steve Piper, CEO of CyberEdge Group. “For the first time in our research, a majority of participants predict their networks will become compromised in 2015. These are indeed dangerous times, but there is still cause for optimism as organizations take active steps to prepare for the unexpected. Welcome to the new reality.”
“It’s no surprise that security analytics is the most commonly cited network security technology planned for acquisition in this year’s report,” said Hugh Thompson, chief technology officer of Blue Coat Systems, sponsor of the report. “This technology, coupled with SSL visibility and malware analysis capabilities, is reducing the time and effort needed to detect and eliminate sophisticated threats. Organizations are realizing that being prepared for advanced threats is the key to quick resolution and risk mitigation.”
“A key takeaway from this year’s Cyberthreat Defense Report is the dramatic rise in mobile device threats,” said Kurt Roemer, chief security strategist at fellow report sponsor Citrix. “With workforce mobility skyrocketing, mobile device and application management technologies are critical for maintaining the confidentiality and integrity of sensitive data. We’re proud to partner with CyberEdge Group to raise awareness of this issue.”
In addition to Blue Coat Systems and Citrix, the 2015 Cyberthreat Defense Report was sponsored by NetIQ, PhishMe, Tenable Network Security, ThreatTrack Security, Webroot, CloudLock, Cylance, Endgame, iSIGHT Partners, and Triumfant.