Survey: Black Hat 2015 attendees most concerned about targeted attacks
Phishing and social network exploits are also distressing, as 46 percent of respondents said that they worry about different forms of social engineering.
In a survey of 460 management and staff security professionals attending the upcoming Black Hat 2015 conference, 57 percent indicated that sophisticated attacks targeted directly at the organization is their greatest concern.
Phishing and social network exploits are also distressing, with 46 percent of respondents stating that they worry about different forms of social engineering, the survey showed. Meanwhile, 21 percent were troubled by accidental data leaks by end users who fail to follow security policy.
Despite concerns over targeted attacks, “only 26 percent of respondents indicated that targeted attacks were among the top three IT security spending priorities in their organization, and only 20 percent of respondents said that targeted attacks were among the top three tasks where they spend the most time,” the survey said.
Vulnerabilities are where respondents are spending the greatest portion of their average day – 35 percent said they spend most of their day dealing with security vulnerabilities introduced by their own application development team, and 33 percent said the same of security vulnerabilities introduced through the purchase of off-the-shelf applications or systems.
Mistakes and accidents appear to be consuming some IT security spending – 26 percent of respondents said budgets get eaten up due to accidental data leaks by end users who fail to follow security policy, and 25 percent said the same of internal mistakes or external attacks that cause the organization to lose compliance with industry or regulatory requirements.
When it comes to weak spots, 33 percent of respondents said the weakest link in today's enterprise IT defenses is end users who violate security policy and are too easily fooled by social engineering attacks, and 20 percent pointed to a lack of comprehensive security architecture and planning that goes beyond “firefighting.”
Additionally, 27 percent of respondents said they have enough security staff to defend against current threats, while 51 percent said that they could use a little help.