IT security spending priorities don’t match threats



WHAT: Time to Rethink Enterprise IT Security, 2015 Black Hat Conference attendee survey.

WHY: Black Hat, the global cybersecurity event management firm, surveyed the “experienced and highly trained audience” attending its annual conference on their enterprise security priorities. 

FINDINGS: The authors report a disconnect between “the threats that keep security professionals awake at night and the tasks that keep them occupied during the day.”  Sophisticated attacks targeted directly at an organization, along with phishing, social network exploits or other forms of social engineering, topped the list of most-concerning threats, followed by an amalgam of other top threats ranging from malware to government espionage to attacks brought on by mobile devices.

But the defensive tasks that IT security pros say consume the most time are addressing vulnerabilities introduced by internally developed and off-the-shelf software.  According to the report’s authors, “the data suggests that application flaws across the enterprise consume a great deal of time for the IT staff, yet are seldom considered the greatest threats.”

Budgetary and spending priorities show that same disconnect.  “The widespread range of spending priorities in the survey shows that budgets may be failing to keep up with the latest threats, and that security professionals are not able to tune that spending to meet their most current concerns,” the report asserted.  A shortage of skilled professionals also impairs organizations’ abilities to respond adequately to potential threats and breaches, respondents said. 

In terms of future threats, over a third of respondents believe that “threats borne by non-computer devices – the Internet of Things – will be among their top concerns two years from now.”  However, only 6 percent have begun to address IoT security. 

TAKEAWAY: Most enterprises are not spending their time, budget and staffing resources on the problems their security professionals consider to be the greatest threats.

GET MORE: Read the full report here.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

