Key findings include:
Concern for mobile devices. Participants were asked to rate — on a scale of 1 to 5, with 5 being highest — their organization’s ability to defend against cyber threats across nine IT domains. Mobile devices (2.77) received the lowest marks, followed by laptops (2.92) and social media applications (2.93). Virtual servers (3.64) and physical servers (3.63) were deemed most secure.
The BYOD invasion. By 2016, 77 percent of responding organizations indicate they’ll have BYOD policies in place. 31 percent have already implemented BYOD policies, 26 percent will follow within 12 months, and another 20 percent will follow within two years.
Inadequate security investments. Although 89 percent of respondents’ IT security budgets are rising (48 percent) or holding steady (41 percent), one in four doubts whether their employer has invested adequately in cyber threat defenses.
Improved security or wishful thinking? Although 60 percent of respondents confessed to being affected by a successful cyber attack in 2013, only 40 percent expect to fall victim again in 2014.
Next-gen firewalls on the rise. Out of 19 designated network security technologies, next-generation firewalls (29 percent) are most commonly cited for future acquisition, followed by network behavior analysis (26 percent) and big data security analytics (24 percent).
Malware and phishing causing headaches. Of eight designated categories of cyber threats, malware and phishing/spear-phishing are top of mind and pose the greatest threat to responding organizations. Denial-of-service (DoS) attacks are of least concern.
Ignorance is bliss. Less than half (48 percent) of responding organizations conduct full-network active vulnerability scans more frequently than once per quarter, while 21 percent only conduct them annually.
Dissatisfaction with endpoint defenses. Over half of respondents indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (22 percent) their existing endpoint protection software.
Careless employees are to blame. When asked which factors inhibit IT security organizations from adequately defending against cyber threats, “low security awareness among employees” was most commonly cited, just ahead of “lack of budget.”