Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/24/2019
02:00 PM
50%
50%

Survey Shows a Security Conundrum

A new report examines and quantifies the conflicts and challenges faced by business security leaders.

A new survey illustrates how security executives are forced to embrace conundrums, conflicts, and confusion, in their jobs.

The report, from Glasswall Solutions, based on interviews with senior-level security executives in the US and UK, found that 85% rely heavily on employees as part of their defense and 40% consider employees are the sole "last line of defense" for the company - but 40% say employees are a significant source of vulnerabilities.

Some 82% say that the network perimeter is where they most need to continue security investment; meanwhile, attention across the industry is shifting to cloud architectures and post-breach detection and response.

Another irony: 96% say they'll continue to invest in antivirus solutions, but just 9% say that they have complete confidence in the those products.

For more, read here.

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kalexandra
50%
50%
kalexandra,
User Rank: Author
5/8/2019 | 3:45:46 PM
Re: My survey
Users will continue to be the weakest link, which is why doing the top 5 security initiatives will significantly reduce the attack surface in a measurable mannor.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:59:55 PM
Re: My survey
Its important to stress, as you stated, there is no silver bullet. This makes sense. It has to be layered security model to minimize the risks.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:58:24 PM
Re: My survey
Now Malwarebytes is decent but not foolproof, ever and Crowdstrike, Splunk and Carbon Black are acceptable defense walls. That makes sense. These tools may help however when it comes user behavior even those are bypassed in certain cases.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:56:06 PM
Re: My survey
Antivirus doesn't do it, never really has and has only gotten worse. I agree. Attacks are more sophisticated that AV is not capable of catching, so becoming more irrelevant.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:54:18 PM
Re: My survey
End users ARE the cause of almost all problens with phishing still the primary attack and infection entry. That makes sense. We just need to provide better tools so risks coming from employees behaviors are minimized.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:52:52 PM
Employees
found that 85% rely heavily on employees as part of their defense This makes sense as we know employees are the weakest link in the security model.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/26/2019 | 9:35:24 AM
Re: My survey
This sentiment needs to be echoed. I always stress actionable intelligence through the reduction of alert fatigue. If you have a proficient security team, you can make optimizations towards automated your toolsets based on the comprehension of the environment. Your forementioned toolsets are viable. But funneling them into a single pane of glass is ideal (SIEM). 

Its important to stress, as you stated, there is no silver bullet. But you need to maximize your Security workforce by maximiing your actionable intelligence. It is grueling work that takes its toll. So its important to do some work upfront to preserve this workforce while preserving an acceptable security posture.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/24/2019 | 2:16:27 PM
My survey
I have "complete confidence" in nothing, not 100% ever.  Nothing is comprehensive.  End users ARE the cause of almost all problens with phishing still the primary attack and infection entry.  They still open emails and click on links.  Antivirus doesn't do it, never really has and has only gotten worse.  Now Malwarebytes is decent but not foolproof, ever and Crowdstrike, Splunk and Carbon Black are acceptable defense walls.  You need good security staff with knowledge and ability too.  You have to respond fast and faster.  And your security staff NEEDS a rest from it all too - it is demanding work and soul-breaking in many ways.  The days of Peter Norton are long gone.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.