Security Experts:

What Keeps Security Professionals Up at Night? Their Users

You might believe that the expensive network security hardware you installed will protect you from bad actors — until a single employee undoes all that good work when he doesn’t realize the attachment he just opened carries dangerous malware. It’s hard keeping criminals from infiltrating networks, much less worrying that users will simply open the door to bad guys by letting their guard down.

According to a survey of attendees at the 2016 RSA Conference, users cause the most sleepless moments for security professionals. We asked 100 attendees, “Are users your biggest security headache?” Seventy percent said yes, about in line with a similar survey we conducted at Black Hat in 2014, where 74 percent of attendees also said users were their biggest headache. Read on for more insights from our RSA survey — as well as security professionals’ resounding “no” on whether Apple should comply with the FBI’s request to bypass iOS security.

Endpoints are the biggest source of security risk

In line with concerns about users, security professionals are also worried about endpoint security: After all, this is where concerns about protecting entry points and user behavior intersect. Forty-nine percent of security professionals we surveyed said endpoints are the source of their greatest security risk, followed by insider threats (21 percent), networks (16 percent), and the cloud (14 percent). This fear is borne out by research: Verizon’s 2015 Data Breach Investigations Report says that end-user devices were a factor in 82 percent of security incidents.

Delays in patching zero-day vulnerabilities

Patching for known vulnerabilities is part of a “low hanging fruit” approach to security – in other words, it’s a straightforward way to prevent threats using zero-day vulnerabilities. When asked how quickly their organizations patched for zero-day vulnerabilities, 50 percent of security professionals said they did so in the first week. However, 24 percent said they waited a month, and 26 percent said more than a month. A delayed approach to patching leaves dangerous windows open to bad actors.

Ransomware, a rising threat, is coming onto the radar in the security world: 49 percent of security professionals we surveyed said they or someone they knew had been infected with ransomware.

Wait-and-see approach to Windows 10

It seems like security professionals are taking a wait-and-see approach to Windows 10. Twenty-nine percent said they’ll spend the next 12 months conducting initial evaluations of the OS, while 23 percent said they plan a partial deployment during this time; 12 percent plan a wide-scale deployment of Windows 10. However, 36 percent said they have no current plans around a Windows 10 rollout.

Some survey respondents also remain unsure of how Windows 10 can be used to improve organizational security. We asked RSA attendees which Windows 10 security feature will be most effective at combating cyber attacks. Twenty-seven percent had no response; 30 percent chose Microsoft Passport (two-factor authentication), while 27 percent chose Device Guard (locking down devices so they only run trusted applications).

Prevention, not remediation, is key to cyber security

Stopping attackers before they can wreak havoc – not after – is the smartest security posture, according to RSA attendees. Sixty-four percent said prevention is the most effective aspect of a cyber security architecture, followed by detection (17 percent) and prediction (17 percent). Only 2 percent said remediation is most effective.

When we flipped the question around, remediation wasn’t shown much love: 47 percent of security professionals said remediation is the least effective aspect of cyber security architecture; 36 percent said prediction was least effective.

A big “no” to FBI re: Apple

Of course, we couldn’t leave RSA without asking attendees to weigh in on the controversy surrounding Apple, the FBI, and the San Bernardino terrorists’ locked iPhone. Only 14 percent said they believe that Apple should comply with the FBI’s request to bypass security of the Apple iOS. An overwhelming 86 percent said Apple should not comply – reflecting the security industry’s discomfort with the idea of significantly weakening security and privacy for just a single case. We think security professionals realize that once technology companies acquiesce to government requests to bypass security features, the Pandora’s box can’t be closed.

Simon Crosby is Co-founder and CTO at Bromium. He was founder and CTO of XenSource prior to the acquisition of XenSource by Citrix, and then served as CTO of the Virtualization & Management Division at Citrix. Previously, Simon was a Principal Engineer at Intel where he led strategic research in distributed autonomic computing, platform security and trust. He was also the Founder of CPlane Inc., a network optimization software vendor. Prior to CPlane, Simon was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance and control, and multimedia operating systems. In 2007, Simon was awarded a coveted spot as one of InfoWorld’s Top 25 CTOs.