The second annual Cyberthreat Defense Report continues this process of striving to inform the IT security community, not about the latest and greatest “baddies” to emerge on the scene, but rather how their peers are electing to defend against them. Based on a rigorous survey of IT security decision makers and practitioners across North America and Europe, the Cyberthreat Defense Report examines the current and planned deployment of countermeasures against the backdrop of numerous perceptions, such as:
- The adequacy of existing cybersecurity investments, overall and within specific domains of IT
- The likelihood of being compromised by a successful cyberattack within the next 12 months
- The types of cyberthreats that pose the greatest risk to a given organization
- The organizational factors that represent the most significant barriers to establishing effective cyberthreat defenses
- The impact that software-defined networking (SDN) may have on an organization’s ability to defend against cyberthreats
By revealing these details we hope to provide IT security decision makers with a better understanding of how their perceptions, concerns, priorities, and – most importantly – current defensive postures stack up against those of other IT security professionals and organizations. Applied in a constructive manner, the data, analyses, and findings that are covered can be used by diligent IT security teams to gain insights into many practical questions, such as:
- Where do we have gaps in our cyberthreat defenses relative to other organizations?
- Have we fallen behind in our defensive strategy to the point where our organization is now the “lowhanging fruit” (i.e., likely to be targeted more often due to its relative defensive weaknesses)?
- Are we on track with both our approach and progress in continuing to address traditional areas of concern – such as strengthening endpoint security and reducing our attack surface – as well as tackling newer ones, such as providing security for mobility and defending against advanced persistent threats (APTs)?
- How are other IT security practitioners thinking differently about cyberthreats and their defenses, and should we adjust our perspective and plans to account for these differences?
A second objective is to provide developers of IT security technologies and products with some of the answers they need to better align their solutions with the concerns and requirements of their potential customers. The net result should be better market traction and success for solution providers that are paying attention, and better cyberthreat protection technologies for all of the intrepid defenders out there.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program