Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/29/2010
04:53 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

80% Say Network Threats Will Increase In 2010 And 2011 While Budgets Drop

netForensics study results conclude the need for increased budgeting and resources for network security

EDISON, N.J., June 24 /PRNewswire/ -- netForensics, Inc., a leader in the Security Information and Event Management market, today announced a new study, entitled "Security in a Down Economy: Limited Budgets, Less Staff, More Threats," shows a perceived increase in network threats throughout 2010 and into 2011. The study was conducted by netForensics during the week of June 7, 2010 to learn about the impact the economic downturn has had on organizations' security posture and budgets, and the potential consequences organizations will face over the next 12-24 months as a result.

From the 100-plus survey respondents, 85% believe their organization's security environment will grow more complex over the next 24 months, leading to additional security threats in the second half of 2010 and into 2011. Yet, 53% believe their organization is not budgeting enough on security to manage increasing threats. The study results conclude the need for increased budgeting and resources for network security, while also revealing that organizations are failing to maintain or increase security talent in order to prevent the forecasted threats.

"Based on the findings of our study, organizations are cutting security staff to reduce costs, yet the overall perception is that organizations will ultimately face more threats this year and next," said Dale Cline, CEO of netForensics. "It's troublesome to see that companies are not taking measures now to prevent the increasing and undeniable threats to their networks from occurring. With security staff remaining static or decreasing, and budgets not being allocated to put security processes in place, organizations are going to face greater challenges than ever to their security posture."

Additionally, the survey showed that more than 65% of respondents do not feel confident their organization has complete visibility into its security posture at any given point in time. Respondents stated, "My organization is letting security people go," "we allocate enough capital, but we are lacking in allocation of bodies to complete the work," and "[our] organization [is] downsizing and reducing security positions." Still with the increased threats and reduced staff, more than 70% of study respondents would not outsource their security.

"The results of this survey are apparent that security professionals are being asked to do more with less, while, at the same time, the organization is being put at a higher risk," said Tracy Hulver, Executive Vice President of Products and Marketing at netForensics. "The conclusion is that companies need to look at other alternatives such as outsourcing to cloud security, deploying technologies that maximize existing security infrastructure without having to invest in new big-budget items, acquiring technology via security-as-a-service pricing models, or risk being attacked and having costly data theft or critical infrastructure failure."

Other key survey findings include:

-- A combined (63%) of respondents say that the economy has had an impact on their security posture. Over the last 12 months, respondents cited changes to their organizations security staff: increased (15%), decreased (24%) or stayed static (54%). Furthermore, similar opinions were given as to security staff changes over the course of the upcoming 12 months as the economy looks to rebuild: increasing (20%), decreasing (15%), staying static: (51%). -- (56%) of respondents feel that they are more secure today than they were 12 months ago. Yet, (80%) of the security professionals identified could not state the number of raw security events their organization deals with on a daily basis.

About netForensics

netForensics security information and event management solutions enable organizations of all sizes to rapidly identify and respond to threats and adhere to ever-changing compliance regulations. Our software and appliance products collect and centralize volumes of event log data to deliver actionable, real-time security intelligence. For more information, visit: http://www.netforensics.com read the blog or follow us on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.