4/24/2019
02:00 PM

Survey Shows a Security Conundrum

A new report examines and quantifies the conflicts and challenges faced by business security leaders.

A new survey illustrates how security executives are forced to embrace conundrums, conflicts, and confusion in their jobs.

The report, from Glasswall Solutions, based on interviews with senior-level security executives in the US and UK, found that 85% rely heavily on employees as part of their defense and 40% consider employees the sole "last line of defense" for the company - but 40% say employees are a significant source of vulnerabilities.

Some 82% say that the network perimeter is where they most need to continue security investment; meanwhile, attention across the industry is shifting to cloud architectures and post-breach detection and response.

Another irony: 96% say they'll continue to invest in antivirus solutions, but just 9% say that they have complete confidence in those products.

For more, read here.

Comments
kalexandra,
User Rank: Author
5/8/2019 | 3:45:46 PM
Re: My survey
Users will continue to be the weakest link, which is why doing the top 5 security initiatives will significantly reduce the attack surface in a measurable manner.
Dr.T,
User Rank: Ninja
4/28/2019 | 3:59:55 PM
Re: My survey
It's important to stress, as you stated, there is no silver bullet. This makes sense. It has to be a layered security model to minimize the risks.
Dr.T,
User Rank: Ninja
4/28/2019 | 3:58:24 PM
Re: My survey
Now Malwarebytes is decent but not foolproof, ever and Crowdstrike, Splunk and Carbon Black are acceptable defense walls. That makes sense. These tools may help; however, when it comes to user behavior even those are bypassed in certain cases.
Dr.T,
User Rank: Ninja
4/28/2019 | 3:56:06 PM
Re: My survey
Antivirus doesn't do it, never really has and has only gotten worse. I agree. Attacks are more sophisticated that AV is not capable of catching, so becoming more irrelevant.
Dr.T,
User Rank: Ninja
4/28/2019 | 3:54:18 PM
Re: My survey
End users ARE the cause of almost all problems with phishing still the primary attack and infection entry. That makes sense. We just need to provide better tools so risks coming from employees' behaviors are minimized.
Dr.T,
User Rank: Ninja
4/28/2019 | 3:52:52 PM
Employees
found that 85% rely heavily on employees as part of their defense. This makes sense as we know employees are the weakest link in the security model.
RyanSepe,
User Rank: Ninja
4/26/2019 | 9:35:24 AM
Re: My survey
This sentiment needs to be echoed. I always stress actionable intelligence through the reduction of alert fatigue. If you have a proficient security team, you can make optimizations towards automating your toolsets based on the comprehension of the environment. Your aforementioned toolsets are viable. But funneling them into a single pane of glass is ideal (SIEM).

It's important to stress, as you stated, there is no silver bullet. But you need to maximize your Security workforce by maximizing your actionable intelligence. It is grueling work that takes its toll. So it's important to do some work upfront to preserve this workforce while preserving an acceptable security posture.
REISEN1955,
User Rank: Ninja
4/24/2019 | 2:16:27 PM
My survey
I have "complete confidence" in nothing, not 100% ever.  Nothing is comprehensive.  End users ARE the cause of almost all problems with phishing still the primary attack and infection entry.  They still open emails and click on links.  Antivirus doesn't do it, never really has and has only gotten worse.  Now Malwarebytes is decent but not foolproof, ever and Crowdstrike, Splunk and Carbon Black are acceptable defense walls.  You need good security staff with knowledge and ability too.  You have to respond fast and faster.  And your security staff NEEDS a rest from it all too - it is demanding work and soul-breaking in many ways.  The days of Peter Norton are long gone.