The CyberEdge Group published its second annual Cyberthreat Defense Report, which provides a view of organizations’ security threats, current defenses and planned investments.
Consistent with the findings in last year’s inaugural Cyberthreat Defense Report, the 2015 report finds that while IT security spending is increasing, confidence is falling, with the majority of respondents expecting to be breached in the next 12 months, despite all of their efforts.
In surveying more than 800 security decision makers and practitioners, the report found more than 70 percent of respondents’ networks had been breached in 2014 — up from 62 percent in 2013 — with more than 20 percent breached six times or more. For the first time, a majority of respondents (52 percent) now believe a successful cyber attack is likely in the coming year — up from 39 percent in last year’s report.
In 2014, 71 percent of respondents’ networks were breached, with 22 percent of them victimized six or more times. This is an increase from the preceding year, which saw 62 percent of respondents’ networks breached, with 16 percent of them victimized by six or more successful cyber attacks.
A majority (52 percent) of respondents felt that a successful cyber attack against their network was likely in the next 12 months, compared to just 39 percent in 2013.
Of 10 designated categories of cyber threats, phishing/spear-phishing, malware, and zero-day attacks are perceived as posing the greatest risk to responding organizations. Denial of service attacks, watering hole attacks and drive-by downloads are of least concern.
Survey results indicate that 62 percent of respondents expect their security budgets to increase this year, up from 48 percent last year. Respondents also said that, on average, 6-10 percent of their organizations’ IT budgets are spent on security, with one in five organizations spending 16 percent or more.
For the second straight year, mobile device and application management is the top mobile security solution respondents plan to implement in the next 12 months. This is no surprise, as nearly six in 10 participants saw a rise in mobile device threats in the preceding 12 months.
Security analytics/full-packet capture and analysis is the most commonly cited network security technology planned for future acquisition, followed by threat intelligence services and next-generation firewalls.
Of those surveyed, 67 percent indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (33 percent) their existing endpoint products. This number is markedly up from 56 percent in last year’s survey.
Half of those surveyed rely on continuous monitoring technologies for discovering network assets, achieving policy compliance and mitigating vulnerabilities and security misconfigurations. This is a positive trend for the industry, as only 38 percent of respondents conduct full-network scans more often than quarterly.