Overwhelming optimism for information security in 2015

Expectations for data security next year are surprisingly optimistic given the harsh reality of 2014, which has been the worst year on record for data breaches, according to a new survey by ThreatTrack Security. Enterprise security staffers are so confident that 81% of survey respondents said they would “personally guarantee that their company’s customer data will be safe in 2015.”

“Now is the time of year when security vendors and analysts make their predictions about what 2015 will bring, but we decided to go directly to the people who are actually in the trenches dealing with the latest cyberattacks and defending their organizations’ data on a day-to-day basis,” said Julian Waits, Sr., CEO of ThreatTrack Security.

“What we found is that security professionals are supremely confident that their ability to defend against data breaches and advanced malware threats will improve in 2015. That optimism seems rooted in their growing confidence in the leadership provided by their CISO and the fact that they expect to invest in new cybersecurity solutions, including advanced threat detection technologies and threat intelligence services,” Waits added.

Survey findings from the survey include:

• Despite 68% of all respondents feeling their organization is more likely to be the target of a cyberattack next year, 94% are optimistic that their organization’s ability to prevent data breaches will improve in 2015.
• The types of threats that organizations are most concerned about in 2015 are Advanced Persistent Threats (APTs) (65%), targeted malware attacks (61%) and spear phishing attacks (42%). Companies fear mobile threats (22%) least.
• Respondents see speed and prioritization as important to fortifying cyber defenses in 2015. When asked what their company needs to do next year to prevent it from becoming the next data breach headline.
• 95% of security staffers believe senior management will be more responsive to their team’s security recommendations in 2015, suggesting that CISOs are becoming more successful at driving improvements in enterprise cybersecurity.

When asked what the most time-consuming part of their job will be in 2015, the top response given by security staffers was “investigating security alerts to identify threats that pose the greatest risk to the organization.” This means that nearly one in four respondents (22%) expects to spend most of their time chasing the cause of threat alerts. Even organizations that have already invested in next-generation defenses still face the hurdle of spending too much time and valuable resources determining which threats pose the greatest risk to their data before they are able to launch an effective response.

“One of the biggest obstacles to cybersecurity is the sheer volume of alerts generated by all of the defenses organizations have deployed. The inability to distinguish high priority, high risk incidents and to recognize when a deliberate, targeted attack is occurring was directly linked to several high-profile breaches in the last year,” added Waits. “Detection alone is not enough. In 2015, organizations need to look toward a new breed of cyber defenses that enable them to identify and kill active campaigns sooner – before they’ve breached sensitive data – and to prioritize incident responses.”

The independent blind survey of 250 U.S.-based IT security staff, in companies with at least 2,000 employees, was conducted by Opinion Matters on behalf of ThreatTrack Security in October 2014.