The results of a new IT security study should be sending a chill through the industry.
This year’s edition of the world-famous Black Hat USA conference for IT security experts (both the good and sort-of-bad guys) will kick off in about a month, but for the first time ever, the organizers have given us a preview of what’s concerning its attendees with its 2015 Black Hat Attendee Survey: Time to Rethink Enterprise IT Security.
This survey asked almost 500 top-tier past attendees of the event what threats they see as most dangerous, both now and in a few years, and broadly returned the result that most sophisticated security professionals say enterprise security priorities don’t address those threats appropriately.
It mostly covers broad IT concerns, but for those of us in the IoT, there were a few interesting responses. Click here to read the whole executive summary.
In 2015, enterprises will spend more than $71.1 billion on information security, according to Gartner (News - Alert), the report said. Despite that huge expenditure, the number of major data breaches doesn’t seem to be going down. According to the survey’s respondents, their enterprises are not spending time, budget or staffing resources on the problems that they consider to be the greatest threats.
For instance, in the IoT universe, although the survey found that 7 percent of respondents say IoT security constitutes a top priority for their organization right now, and 6 percent spend the more of their time on IoT every day, only 3 percent report that IoT consumes the largest portion of their security budget.
Looking forward, 36 percent of the professionals reporting said they believe that threats borne by M2M devices will be among their top concerns two years from now, which was the biggest category reported. It remains to be seen if the funding will appropriately reflect those concerns in 2017.
The report concluded with an indication that the IT industry needs to rethink the current enterprise IT security model. What is troubling is that a majority of IT professionals believe they aren’t spending their time and budget on the threats that they believe are most critical.
It also asserted that online threats are already stressing IT departments’ resources and managers report that they don’t have enough people, budget, or training to handle current threats, not to mention that very few have even begun to address the IoT, which they expect to be the biggest concern they will face in two years.
Something needs to change and fast, enterprise folks. Winter is coming.