by Prakash Linga - CTO of Vera - Wednesday, 26 August 2015.
There’s an unfortunate disconnect between the priorities of security teams and where they’re investing their time, focus, and budget. The recent 2015 Black Hat Attendee Survey found that while security pros are primarily concerned with the looming threats from sophisticated direct attacks and the long-term risks of social engineering, they’re actually spending the bulk of their time dealing with much more commonplace challenges.
This isn’t an academic problem - it’s a daily struggle between managing the urgent at the expense of the important. And we can’t address it without changing the way we think about these issues. Put simply, when your security team is devoting the majority of your resources to battling data loss from commonplace, avoidable risk vectors, there’s no way you can take a more proactive approach to the larger, more important threats.
There’s yet another dimension to this complex situation. The two biggest contributors to security budget spend are the short-term, lower-priority challenges of internal compliance errors and accidental data leaks. That’s precisely the opposite of what it should be, and exactly why companies will spend almost $80B on security technology this year. And they won’t have much to show for their efforts.
The root causes of these time-consuming security gaps are three-fold:
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.