According to the 2015 Black Hat Attendee Survey, nearly three quarters (73 percent) of top security professionals think it likely that their organizations will be hit with a major data breach in the next 12 months -- but they won't have enough time, money, or skilled staff to handle the crisis.
The survey polled some 460 infosec professionals, 61 percent of whom carry "security" as a full-time job title, and two thirds of whom carry a CISSP or other professional security credentials.
More than a third of the Black Hat survey respondents say that their time is consumed by addressing vulnerabilities in internally-developed software (35 percent) or in off-the-shelf software (33 percent). Meanwhile, their budgets are often consumed by compliance issues (25 percent) or sealing accidental leaks (26 percent), leaving them short of resources to fight the real threats.
Nearly a third (31 percent) of Black Hat attendees cited end users as the weakest link in the security chain. "The biggest roadblock I have is a lack of cultural importance on security," said one survey respondent. Here are the survey results, and the #1 problem that needs to be managed is: " End users who violate security policy and are too easily fooled by social engineering attacks".
We could not agree more. It is urgent that you step your users through new school, effective security awareness training combined with frequent simulated phishing attack. That combination will keep them on their toes with security top of mind.
Find out how affordable this is for your organization and be pleasantly surprised.
