Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/24/2019
02:00 PM
50%
50%

Survey Shows a Security Conundrum

A new report examines and quantifies the conflicts and challenges faced by business security leaders.

A new survey illustrates how security executives are forced to embrace conundrums, conflicts, and confusion, in their jobs.

The report, from Glasswall Solutions, based on interviews with senior-level security executives in the US and UK, found that 85% rely heavily on employees as part of their defense and 40% consider employees are the sole "last line of defense" for the company - but 40% say employees are a significant source of vulnerabilities.

Some 82% say that the network perimeter is where they most need to continue security investment; meanwhile, attention across the industry is shifting to cloud architectures and post-breach detection and response.

Another irony: 96% say they'll continue to invest in antivirus solutions, but just 9% say that they have complete confidence in the those products.

For more, read here.

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kalexandra
50%
50%
kalexandra,
User Rank: Author
5/8/2019 | 3:45:46 PM
Re: My survey
Users will continue to be the weakest link, which is why doing the top 5 security initiatives will significantly reduce the attack surface in a measurable mannor.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:59:55 PM
Re: My survey
Its important to stress, as you stated, there is no silver bullet. This makes sense. It has to be layered security model to minimize the risks.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:58:24 PM
Re: My survey
Now Malwarebytes is decent but not foolproof, ever and Crowdstrike, Splunk and Carbon Black are acceptable defense walls. That makes sense. These tools may help however when it comes user behavior even those are bypassed in certain cases.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:56:06 PM
Re: My survey
Antivirus doesn't do it, never really has and has only gotten worse. I agree. Attacks are more sophisticated that AV is not capable of catching, so becoming more irrelevant.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:54:18 PM
Re: My survey
End users ARE the cause of almost all problens with phishing still the primary attack and infection entry. That makes sense. We just need to provide better tools so risks coming from employees behaviors are minimized.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2019 | 3:52:52 PM
Employees
found that 85% rely heavily on employees as part of their defense This makes sense as we know employees are the weakest link in the security model.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/26/2019 | 9:35:24 AM
Re: My survey
This sentiment needs to be echoed. I always stress actionable intelligence through the reduction of alert fatigue. If you have a proficient security team, you can make optimizations towards automated your toolsets based on the comprehension of the environment. Your forementioned toolsets are viable. But funneling them into a single pane of glass is ideal (SIEM). 

Its important to stress, as you stated, there is no silver bullet. But you need to maximize your Security workforce by maximiing your actionable intelligence. It is grueling work that takes its toll. So its important to do some work upfront to preserve this workforce while preserving an acceptable security posture.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/24/2019 | 2:16:27 PM
My survey
I have "complete confidence" in nothing, not 100% ever.  Nothing is comprehensive.  End users ARE the cause of almost all problens with phishing still the primary attack and infection entry.  They still open emails and click on links.  Antivirus doesn't do it, never really has and has only gotten worse.  Now Malwarebytes is decent but not foolproof, ever and Crowdstrike, Splunk and Carbon Black are acceptable defense walls.  You need good security staff with knowledge and ability too.  You have to respond fast and faster.  And your security staff NEEDS a rest from it all too - it is demanding work and soul-breaking in many ways.  The days of Peter Norton are long gone.
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12293
PUBLISHED: 2019-05-23
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
CVE-2018-7201
PUBLISHED: 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
CVE-2018-7803
PUBLISHED: 2019-05-22
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack...
CVE-2018-7844
PUBLISHED: 2019-05-22
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7853
PUBLISHED: 2019-05-22
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus