
6/29/2010
04:53 PM
Dark Reading
Products and Releases

80% Say Network Threats Will Increase In 2010 And 2011 While Budgets Drop

netForensics study results conclude the need for increased budgeting and resources for network security

EDISON, N.J., June 24 /PRNewswire/ -- netForensics, Inc., a leader in the Security Information and Event Management market, today announced that a new study, entitled "Security in a Down Economy: Limited Budgets, Less Staff, More Threats," shows a perceived increase in network threats throughout 2010 and into 2011. The study was conducted by netForensics during the week of June 7, 2010 to learn about the impact the economic downturn has had on organizations' security posture and budgets, and the potential consequences organizations will face over the next 12-24 months as a result.

From the 100-plus survey respondents, 85% believe their organization's security environment will grow more complex over the next 24 months, leading to additional security threats in the second half of 2010 and into 2011. Yet, 53% believe their organization is not budgeting enough on security to manage increasing threats. The study results conclude the need for increased budgeting and resources for network security, while also revealing that organizations are failing to maintain or increase security talent in order to prevent the forecasted threats.

"Based on the findings of our study, organizations are cutting security staff to reduce costs, yet the overall perception is that organizations will ultimately face more threats this year and next," said Dale Cline, CEO of netForensics. "It's troublesome to see that companies are not taking measures now to prevent the increasing and undeniable threats to their networks from occurring. With security staff remaining static or decreasing, and budgets not being allocated to put security processes in place, organizations are going to face greater challenges than ever to their security posture."

Additionally, the survey showed that more than 65% of respondents do not feel confident their organization has complete visibility into its security posture at any given point in time. Respondents stated, "My organization is letting security people go," "we allocate enough capital, but we are lacking in allocation of bodies to complete the work," and "[our] organization [is] downsizing and reducing security positions." Still, even with the increased threats and reduced staff, more than 70% of study respondents would not outsource their security.

"The results of this survey are apparent that security professionals are being asked to do more with less, while, at the same time, the organization is being put at a higher risk," said Tracy Hulver, Executive Vice President of Products and Marketing at netForensics. "The conclusion is that companies need to look at other alternatives such as outsourcing to cloud security, deploying technologies that maximize existing security infrastructure without having to invest in new big-budget items, acquiring technology via security-as-a-service pricing models, or risk being attacked and having costly data theft or critical infrastructure failure."

Other key survey findings include:

-- A combined 63% of respondents say that the economy has had an impact on their security posture. Over the last 12 months, respondents cited changes to their organization's security staff: increased (15%), decreased (24%) or stayed static (54%). Furthermore, similar opinions were given as to security staff changes over the course of the upcoming 12 months as the economy looks to rebuild: increasing (20%), decreasing (15%), staying static (51%).

-- 56% of respondents feel that they are more secure today than they were 12 months ago. Yet 80% of the security professionals identified could not state the number of raw security events their organization deals with on a daily basis.

About netForensics

netForensics security information and event management solutions enable organizations of all sizes to rapidly identify and respond to threats and adhere to ever-changing compliance regulations. Our software and appliance products collect and centralize volumes of event log data to deliver actionable, real-time security intelligence. For more information, visit http://www.netforensics.com, read the blog or follow us on Twitter.
