Establishing Digital Trust: Don't Sacrifice Security for Convenience
According to a recent study from 451 Research, 44 percent of enterprise security managers expect to increase their budgets in the next 90 days. Only 4 percent of enterprises are planning to decrease security spending.
The study was based on over 800 customer surveys and 25 in-depth interviews with senior security professionals.
Key obstacles to fully realizing the benefits of security information and event management (SIEM) solutions, the study found, include lack of staff expertise (44.4 percent) and inadequate staffing (27.8 percent).
"There is a shortage of qualified security people in the United States," one security manager told the research firm. "I think that shortage is at very drought proportions here ... and it's very difficult to find qualified people."
As a result, only 56.9 percent of enterprises are able to devote more than one professional to SIEM implementation and monitoring.
"SIEM solutions hold a lot of promise as the centralized solution for unlocking all the secrets held in the logs of enterprise systems and marrying them with the use of threat intelligence," Daniel Kennedy, research director for information security at 451 Research, said in a statement. "That promise comes at a cost. SIEM solutions still retain a reputation for being difficult to set up, difficult to add new feeds to, and difficult to tune."
Forty-one percent of respondents said malicious hackers were their top security concern over the past 90 days, followed by navigating compliance requirements (37 percent).
Separately, a Proficio survey of more than 150 security profesionals conducted in December 2015 found that only 49 percent are satisfied that they have the technology, processes, and expertise to prevent a damaging cyber attack in 2016.
And while most organizations still don't monitor security events outside business hours, only 16 percent of respondents believe security incidents happen solely during business hours.
Respondents' top concerns regarding IT security in 2016 are insider threats (53 percent), unpatched vulnerabilities (50 percent), next-generation malware (50 percent), mobile device security (45 percent), Web application security (41 percent), spear phishing (41 percent) and ransomware (38 percent).
"It is clear that IT security professionals understand the need to have good security practices in place to combat both internal and external threats to their organizations," Proficio CEO Brad Taylor said in a statement. "But IT departments often find it challenging to monitor and prioritize security events, or they lack resources to quickly respond to critical alerts they receive."
Penetration testing leads among security tasks and operations being outsourced (at 63 percent), followed by 24/7 security event monitoring and alerting (28 percent). Fifteen percent of respondents said they plan to outsource more security tasks in 2016.
Recent eSecurity Planet articles have examined how to secure corporate data in a post-perimeter world, and how to improve database security.