This report highlights the results of a study of what cybersecurity professionals perceive as their main challenges; which types of threats they are mostly concerned about, based on their past experience; what plans do they have to solve these challenges. The purpose of this report is to determine typical successes and failures various organizations have and provide guidance to cyber security professionals to improve their practices in IT security management. The key highlights:
Challenge #1: Employee Cybersecurity Skills (81%):
Lack of cybersecurity education among organizations’ non-IT employees substantially increases risk of phishing attacks and introduces many other issues related to employee negligence.
Challenge #2: Continued Evolution of Ransomware (75%) This remains a huge concern as a never-ending series of evolving ransomware and new ransoms paid by major organization continue to dominate the news. WannaCry, Petya, NotPetya, CryptoLocker, Locky, CrySis, Bad Rabbit etc.
Challenge #3: Patching and System Hygiene (67%) Unfortunately patching still remains a great challenge for so many organizations and constant thoughts about Patch Tuesday keep a lot of system administrators awake at night.
Challenge #4: Unmanaged Devices (62%) Does your system automatically detect new endpoints in the network, such as new laptops or phones your employees bring to work? As most respondents indicates, it’s not the case for them.
Challenge #5: Integration of Cybersecurity Tools (47%) Integration between different classes for cybersecurity tools is among the top priorities for a lot of organizations.
Challenge #6: False Positives (42%) With all the sophistication of modern IT security solutions, the challenge of fine-tuning them per organization-specific needs remains important.
Challenge #7: Automatic Remediation (30%) The ability to tackle new security issues automatically (or semi-automatically) can come very handy, as quite a few respondents indicated.