
11/19/2013
07:52 PM
Dark Reading
Products and Releases

CompTIA: False Sense Of Security? Executives Confident About Readiness, But CompTIA Study Suggests New Threats May Be Overlooked

Study finds that while organizations say IT security is a high priority, most have been slow in changing the way in which they approach security preparedness

Downers Grove, Ill., November 19, 2013 – Organizations are overwhelmingly confident in their readiness to combat security threats, but may not be prepared for dangers linked to new technology models and increasingly sophisticated threats, according to a new study released today by CompTIA, the non-profit association for the information technology (IT) industry.

The overwhelming majority of companies (82 percent) surveyed for CompTIA's 11th Annual Information Security Trends study view their current level of security as completely or mostly satisfactory.

But just 13% of firms say they've made drastic changes to their security approach over the past two years. This comes at a time when organizations have embraced cloud computing, enabled employee BYOD practices, and expanded their use of social tools.

"The use of new technologies necessitates a change in security approach," said Seth Robinson, director, technology analysis, CompTIA. "It's clear why companies view security as a top priority; but what's less clear is whether they are fully aware of which actions to take to build an appropriate security posture for a new era of IT."

Levels of concern for a wide range of threats remain virtually unchanged from past years, too. Most companies still view hacking and malware as the preeminent threats. But a host of new dangers are quickly becoming more prevalent, including Advanced Persistent Threats, Denial of Service attacks, IPv6 attacks and mobile malware.

"Many organizations may be assuming a satisfactory level of security without truly performing the due diligence to understand their exposure and build an appropriate security posture for a new era of IT," Robinson continued. "To truly 'move the needle' on security readiness, the overall approach must be re-evaluated from the top level of the business down through all departments."

Security and the Human Factor

Throughout the 11 years of the CompTIA study, the human element has been a major factor in both security readiness and shortcomings. This year is no different. Human error accounts for the majority of root causes in security breaches, and 51% of companies say human error has become more of a factor over the past two years. This may be due in part to the introduction of cloud computing, mobility and social media into the enterprise.

Yet it's striking that few companies (21 percent) view human error as a serious concern.

"End users control powerful devices and business-class systems, often without the oversight of the IT team," said Robinson. "While they may be able to use these devices and systems, they typically do not have the background knowledge and experience with security that allows them to recognize potential threats."

Another consistent, historic theme in this study is the difficulty companies have in finding security professionals with the right skill mix. Cloud security, mobile security, data loss prevention and risk analysis are the four areas where skills are seen as most lacking in 2013.

One solution may be more security certifications for IT professionals. Two-thirds of companies say IT workers with security certifications are more valuable to the organization; while 86% say certified security workers deliver a moderate to high return on investment.

CompTIA's 11th Annual Information Security Trends study is based on online surveys of 500 business and IT professionals in the United States involved in IT decision-making for their organizations; and 500 executives at U.S. IT channel companies.

More details from the study are available at http://www.slideshare.net/comptia/comptia-11th-annual-information-security-trends. The complete report is available at no cost to CompTIA members, who can access the study at www.CompTIA.org or by contacting [email protected].

About CompTIA

CompTIA is the voice of the world's information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy. To learn more, visit www.comptia.org, http://www.facebook.com/CompTIA and http://twitter.com/comptia.
