Black Hat USA is in full swing, and cyber experts in every field have descended on Vegas to catch up on the latest cyber threat research, see the latest security technologies and cram in as much hacking and fun as possible into a few short days. However, despite their obvious dedication to the industry, these same industry experts do not see a rosy cyber future.
For the second year in a row, Black Hat organizers conducted a survey of conference attendees, publishing the results in a report titled, “2016: The Rising Tide of Cybersecurity Concern.”
The survey reveals growing concerns that they will soon face a major security breach. Nearly three-quarters of security pros (72%) said they think it likely that they will have to respond to a major data breach in the next 12 months. This in itself is not really a surprise – all forms of cybercrime are on the rise. What is more alarming is the number that believe their security departments are unprepared to meet these challenges. Nearly three-quarters of respondents (74%) say they don’t have enough staff to defend their organizations and 63% say they don’t have enough budget. Even when it comes to their own roles, many of these elite professionals declare themselves to be unprepared. More than two-thirds (67%) say they do not have the training and skills they need to perform all of the tasks for which they are responsible.
Adding to the resource shortage is a growing gap between the priorities they themselves set for the security department and the areas of greatest concern to their company’s top executives. Not surprisingly, security professionals are concerned with social engineering, targeted attacks, insider data theft and other tangible threats. But the majority of their time is spent on measuring their organization’s security risk and maintaining compliance.
Given that the skilled personnel shortage will not be getting better any time soon, security teams need to find new ways to reduce the burden on staff. One way is to reevaluate their endpoint technologies to create leaner security stacks that provide adequate anti malware protection alongside operational efficiency. For example, a stack that augments traditional signature-based approaches with memory protection and exploit prevention technology like Morphisec’s Moving Target Defense. Done right, security teams will have fewer agents to maintain, a lower level of compatibility issues, less CPU drain, fewer false alerts and lower remediation costs.