GDPR Hurts Security but Publicity Might Help
A survey of 900 security professionals conducted by AlienVault at Infosecurity Europe found that spending on GDPR compliance efforts has hindered threat detection but cybersecurity publicity might actually benefit the industry. Additionally, the survey reflected the strong belief that cybersecurity is becoming entrenched in politics.
Of the professionals that participated in the survey, 51% said the additional resources their organization are spending on GDPR compliance takes vital resources away from detecting threats.
In addition, the report noted that not all security publicity is bad. An overwhelming majority (84%) of respondents said that the increased cyber-threat publicity has been very useful. Without offering reasons as to how all of the press coverage is useful, the report stated, “It is likely that large public breaches raise awareness for the need of cybersecurity.”
A majority (56%), believe cybersecurity has become a political pawn, with only 17% disagreeing with that perception. “It’s easy to see why many professionals feel this way. Encryption, in particular, finds itself at the forefront of many discussions, polarizing opinion as to whether or not law enforcement should have ‘back doors’ or other means of accessing communication to crack down on crime,” the report wrote.
Cloud security threats will be the most concerning external threat moving forward, followed by distributed denial-of-service (DDoS) attacks and the international threat landscape, including threats of nation-state attacks.
Phishing is the most concerning internal threat, with 55% of respondents expressing concern that their organization will fall victim to a phishing attack. Ransomware came in at a close second, with 45% of participants ranking it as the most concerning internal threats.
Respondents were asked to select their top threat concerns. More than a quarter (29%) of respondents worry about a shortage of skilled staff, and 27% are concerned about nonmalicious insider mistakes. Less than a quarter (23%) of security professionals fear social media threats.
“The human element of phishing is what makes it attractive to attackers and [a] concern for security departments. No single control can defend against a phishing attack, and ultimately, humans make mistakes. In fact, human error can be traced back to the root cause of many breaches,” the report stated.
AlienVault said user awareness and education are important but don’t go far enough in preparing for these types of attacks. To fortify their overall security posture, companies should create a layered defense comprising of people, technology and process, according to the report.