www.blackhat.com
July 2016

2016 Black Hat Attendee Survey

The Rising Tide of Cybersecurity Concern

In our second annual survey of top security professionals, Black Hat finds that the expectation of major breaches is even higher than last year.

EXECUTIVE SUMMARY

In 2015, we set out to get an insider's view of the current cybersecurity environment by speaking to the most knowledgeable information security professionals in the industry. To achieve that goal, we surveyed one of the most security-savvy audiences in the industry: those who have attended the annual Black Hat USA conference. Black Hat, a forum that features some of the most advanced security research in the world, is a destination for discussion among top security minds, including leading ethical hackers, IT security management, and technology developers. The 2015 Black Hat Attendee Survey was the first of its kind, featuring responses from full-time IT security professionals, some two-thirds of whom had been credentialed as Certified Information Systems Security Professionals (CISSP).

The results of that study were alarming, as nearly three-quarters (72%) of respondents felt it likely that their organizations would have to deal with a major data breach in the year ahead. Approximately two-thirds of respondents said they did not have enough staff, budget, or training to meet those challenges. With so many security experts holding pessimistic attitudes about the coming year, it seemed as though the cybersecurity problem could not get much worse.

Unfortunately, it has. The 2016 Black Hat Attendee Survey results are in and, as a rule, the most expert security professionals in the industry are even more concerned this year than they were last year.

In the 2016 Black Hat Attendee Survey, the percentage of respondents who say they have no doubt that they will need to respond to a major security breach in the next 12 months (15%) is slightly higher than it was in 2015. The percentage of respondents who say it is very likely that they will face a major breach in the next year (25%) is up one percentage point. (See Figure 1.)

Despite these growing concerns, security departments are still facing an alarming shortage of resources. When asked if they have enough staff to face the threats they expect to see in the coming year, 74% of respondents said no, an even higher figure than in 2015. Sixty-two percent said they do not have enough budget to defend their organizations against coming threats. And 67% say they themselves do not have enough training to do their jobs, more than those who expressed this concern in 2015.

Of all the problems that security organizations face, the shortage of skilled staff is the most acute. When asked the reason why security initiatives fail, a shortage of qualified people and skills was by far the top response (37%), outpacing a lack of management support (22%) and a lack of integration among security products (14%). And the pool of available security pros continues to shrink: only 11% of security professionals say they are actively looking to change jobs (down from 12% in 2015), and only 24% said they are even updating their resumes (down from 30% in 2015).

But a shortage of resources is not the only problem that enterprise security organizations face today. With staffing, budget, and training all in short supply, security professionals are being forced to prioritize their activities, but frequently, the priorities set by the business are not the priorities considered most important by security professionals.

When we asked security pros what they considered the most important threats and concerns that they face today, they overwhelmingly answered with two emerging threats: social engineering attacks such as phishing (46%) and sophisticated attacks targeted directly at their organization (43%). But when we asked those same security professionals how they spend their time, their top answers were measuring risk (35%), managing compliance with industry and regulatory requirements (32%), and troubleshooting security vulnerabilities in internally developed applications (27%). Clearly, there is a gap between the issues and challenges that security professionals consider the most concerning and the issues and challenges that they spend the most time working on, and that gap is larger in 2016 than it was in 2015.

In the pages that follow, we offer deeper details on the survey results and the significant challenges that security professionals face today, not only in defending against attacks from outside the organization, but in finding the time, people, and resources they need to maintain those defenses.

ABOUT US

For more than 18 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. More information is available at: http://www.blackhat.com.

RESEARCH SYNOPSIS

Survey Name: The 2016 Black Hat Attendee Survey

Survey Date: June 2016

Region: North America

Number of Respondents: 250

Purpose: To gauge the attitudes and plans of one of the IT security industry's most experienced and highly-trained audiences: attendees of the Black Hat conference.

Methodology: In June 2016 Dark Reading and Black Hat conducted a survey of the Black Hat USA conference attendees. The online survey yielded data from 250 management and staff security professionals, predominantly at large companies, with 60% working at companies with 1,000 or more employees.

The greatest possible margin of error for the total respondent base (N=250) is +/- 4.5%. UBM was responsible for all programming and data analysis. These procedures were carried out in strict accordance with standard market research practices.

Cybersecurity in Crisis

Security professionals fear they are losing the war against cybercrime, and the intensity of that fear is growing. In this year's Black Hat Attendee Survey, nearly three-quarters of security pros (72%) said they think it likely that they will have to respond to a major data breach in the next 12 months. Fifteen percent said they have no doubt that a major breach will occur, up from 13% in 2005. Twenty-five percent said it is highly likely, up from 24% last year.

Figure 1: How likely do you think it is that your organization will have to respond to a major security breach in the next 12 months?
Response | 2016 | 2015
I have no doubt that we will have to respond to a major incident in the next 12 months | 15% | 13%
It's highly likely | 25% | 24%
It's somewhat likely | 32% | 36%
It's somewhat unlikely | 15% | 13%
It's highly unlikely | 7% | 6%
Don't know/not sure | 6% | 8%
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

There is good reason for this concern. Despite record levels of spending (Gartner estimates that businesses spent some $75.4 billion on security technology last year), the incidence of breaches continues to grow. Risk Based Security's Data Breach QuickView Report cited 3,930 incidents in 2015, representing more than 736 million records, all-time highs both for incidents and records. And the annual Ponemon Cost of a Data Breach report found that the average cost of a major data breach has jumped past $4 million per incident, a 29% increase since 2013 and 5% increase over last year.

By almost every measure, the cybersecurity problem is worse this year than it was the last. Why are the enterprise defenders losing ground? The chief concern is a lack of resources. In the 2016 Black Hat Attendee Survey, nearly three-quarters (74%) of respondents said they feel they do not have enough security staff to defend their organizations against current threats, even more than in 2015. Nineteen percent said they are completely underwater when it comes to staffing. (See Figure 2.)

Figure 2: Does your organization have enough security staff to defend itself against current threats?
Response | 2016 | 2015
Yes | 26% | 27%
No, we could use a little help | 55% | 51%
No, we are completely underwater | 15% | 17%
What staff | 4% | 5%
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

Funding also continues to be a problem. Despite record spending by the industry in 2015, some 63% of security professionals who responded to the survey in 2016 say their departments do not have enough budget to defend their organizations against current threats. Twenty percent said they are severely hampered by a lack of funding.

Training is also a major resource issue in security. In our survey, more than two-thirds of respondents (67%) said they feel they do not have enough training and skills they need to perform all of the tasks for which they are responsible, up from 64% last year. Ten percent of respondents said they feel ill-prepared for many of the threats and tasks they face each day.

This shortage of resources is the primary reason why IT security efforts continue to come up short, according to the Black Hat Attendee Survey responses. When asked why security initiatives fail, some 37% of respondents said a shortage of qualified people and skills is the culprit, the number one answer. A lack of commitment and support from top management was the second-most frequently cited response with 22%. (See Figure 3.)

While security teams are struggling with a lack of resources, the attackers continue to improve their game. In our survey, security professionals ranked social engineering as their most frequently cited concern (46%). Sophisticated and targeted attacks were the second most cited concern (43%). The growing use of ransomware by attackers was cited as the most serious new threat to emerge in the past 12 months (37%), while social engineering attacks on specific individuals was rated the number two emerging threat (20%). (See Figure 4.)

Figure 3: What is the primary reason current enterprise IT security strategies and technologies fail?
Response | 2016
A shortage of qualified people and skills | 37%
A lack of commitment and support from top management | 22%
A lack of integration in security architecture; too many single-purpose solutions | 14%
There are too many vulnerabilities in the rapidly-evolving enterprise IT environment | 9%
The inability of security technology to keep up with attackers' new exploits | 6%
A shortage of budget | 6%
Other | 6%
Base: 250 respondents in 2016; not asked in 2015
Data: UBM survey of security professionals, June 2016

But external attackers aren't the only thing that keeps security professionals awake at night. When asked to identify the weakest link in the IT security chain, 28% of security pros cited end users who violate security policy, making this the top response in our survey. Seventeen percent cited a lack of comprehensive security architecture and planning that goes beyond firefighting, a clear indication that many security pros find themselves reacting to emergencies, unable to find the time they need to comprehensively evaluate their overall defense strategies. (See Figure 5.)

The Incredible Shrinking Skills Market

Of all the problems and challenges cited in the 2016 Black Hat Attendee Survey, the shortage of security skills is the most critical. While budgets and training continue to be major issues, 74% of respondents said they do not have enough people to manage the threats they face today. These results are supported by Frost & Sullivan in the latest ISC2 Global Information Security Workforce Study, which predicts that there will be a worldwide shortfall of over 1.5 million information security professionals by 2019.

The security skills shortage is the primary reason why security initiatives fail, according to survey respondents, and this answer presents some major challenges for the industry in years to come. Clearly, there is a critical need to identify and quickly train a whole new wave of security professionals. Experts say that colleges and universities must help in this effort, and that professional associations and certification training initiatives will have to be ramped up significantly in coming years.

But even if this training could be done
immediately, and hundreds of thousands of new professionals were brought into the market, it would not solve the need for highly experienced staff. At least for the next several years, it is likely that security initiatives that rely heavily on highly trained and experienced people will continue to fail, simply because there are not enough people who fit these criteria. In the future, then, the security industry will be forced to re-evaluate all technologies and practices that require deep skill sets and look toward automation and technologies that can be operated with a minimum of training and experience.

Figure 4: What is the most serious new cyberthreat to emerge in the past 12 months?
Response | 2016
A rapid increase in the use of ransomware | 37%
Social engineering attacks targeted directly at individuals in a specific enterprise | 20%
Espionage and intelligence gathering by nation-states on commercial enterprises | 12%
Sophisticated malware that can circumvent current defenses | 11%
The possibility of a major data leak/dump from a trusted third party | 9%
New threats to mobile devices | 9%
Other | 2%
Base: 250 respondents in 2016; not asked in 2015
Data: UBM survey of security professionals, June 2016

And if you're trying to hire new security talent this year, it's going to be very hard, even harder than it was last year. Thirty-five percent of the respondents in the 2016 Black Hat Attendee Survey indicated that it would be very hard to convince them to leave their current organization, a substantial increase from 25% last year. Only 11% were actively looking for new work, slightly fewer than last year (12%). Only 24% of respondents said they are updating their resumes and keeping an eye out for job openings, down from 30% in 2015. (See Figure 6.)

Why are most security pros so happy in their jobs? Some of it has to do with knowing where they're going. When asked "Do you have a clear upward career growth path in your current place of employment," 44% of respondents said "Yes, I know the next step or level I can get to and I am working toward it now," a hefty jump from 38% last year. Another 31% say they at least "have some ideas about their options" and they're "pretty sure I'll be here a while." (See Figure 7.)

With so many companies clamoring to hire
more people, and with the pool of available applicants shrinking, it has become a seller's market for the skilled cybersecurity professional. If they had to leave their current position, 95% of survey respondents said they believe they could find new work either very quickly (61%) or without too much trouble (34%). That's quite a leap from most other Americans, who currently take 27.8 weeks, on average, to find new work, according to the US Bureau of Labor Statistics.

Figure 5: What is the weakest link in today's enterprise IT defenses?
Response | 2016 | 2015
End users who violate security policy and are too easily fooled by social engineering attacks | 28% | 33%
A lack of comprehensive security architecture and planning that goes beyond firefighting | 17% | 20%
Cloud services and cloud application vulnerabilities | 12% | 7%
Mobile device vulnerabilities | 11% | 9%
Signature-based security products that can't recognize new and zero-day threats | 7% | 7%
Single-function security tools and products that don't talk to each other | 3% | 6%
PC, Mac, and endpoint vulnerabilities | 4% | 3%
An overabundance of security information and event data that takes too long to analyze | 4% | 5%
Vulnerabilities in off-the-shelf software | 4% | 4%
Vulnerabilities in internally-developed software | 4% | 6%
Web-based threats and the failure of SSL and digital certificates | 2% | 3%
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

The Security Priorities Gap

For the second year running, security professionals' top concerns are social engineering (46%) and sophisticated attacks targeted directly at their organization (43%). In 2015, 57% of respondents cited sophisticated, targeted attacks as one of their three main worries, earning it first place on the list. This year, that percentage tumbled to 43%, but these targeted attacks only slipped to second place in the ranks; it's still one of the most critical security issues. Social engineering held fast at 46% from 2015 to 2016, and thus rose from second place to first. (See Figure 8.)

These threats may be the things that keep
security professionals awake at night, but they aren't necessarily the things they spend the most time and money on during the day. For the second straight year, the Black Hat Attendee Survey revealed some clear differences between the priorities of the security pro and the priorities of those who make the schedules, plans, and budgets.

Figure 6: Do you have plans to seek an IT security position anytime in the near future? (Chart comparing 2016 and 2015 responses.)
Response options:
Yes, I am actively looking for employment right now
No definite plans, but I am always updating my resume and looking for a better post
I'm not doing any active job research, but if some other company called me, I would listen
I really love my job and my employer and it would take a LOT to get me to move
I am an indentured servant and would be beheaded if I tried to escape
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

When asked how they spend most of their time in an average day, security professionals cited measuring security posture and risk (first place, 35%) and maintaining compliance (second place, 32%), both new options in the 2016 survey, as the top two time-consumers. Security vulnerabilities created by my own internal application development team (last year's first-place answer to this question) took third place (27%). Addressing social engineering and sophisticated, targeted attacks only made it to fourth place and eighth place, respectively. (See Figure 9.)

When asked how they spend most of their budget, security pros gave much the same report. Compliance took a big chunk out of the most respondents' budgets (31%), while risk measurement finished second (23%). Fixing the internal dev team's errors was third (19%). Social engineering and sophisticated targeted attacks fared only slightly better at getting funding than they did getting man-hours, garnering fourth place (19%) and sixth place (16%), respectively.

These results are stark in the context of the other data collected by the 2016 Black Hat Attendee Survey, which showed a clear shortage of resources such as human capital and funding. The data suggest that security professionals, already underfunded and understaffed,
are often unable to devote those limited resources to their most important priorities.

Figure 7: Do you have a clear, upward career growth path in your current place of employment? (Chart comparing 2016 and 2015 responses.)
Response options:
Yes, I know the next step or level I can get to and I am working toward it now
No, but I have some ideas about my options and I'm pretty sure I'll be here a while
I'm not sure, but I think I'm doing a good job and I think my employer will take care of me
No, I can't see any clear path for growth and I'm thinking about looking for another job
I can't type because I'm smashed up against this glass ceiling
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

Interestingly, that dichotomy is not always driven by a lack of understanding among upper management. When asked what they believe are the highest security-related priorities of their top executives, Black Hat Attendee Survey respondents cited both sophisticated, targeted attacks (33%) and social engineering (24%) as being among the top three. Compliance (28%) finished second. This is consistent with last year's data, in which security pros also saw sophisticated, targeted attacks and social engineering as being high on their management's priority lists as well. (See Figure 10.)

Yet even though they see management as having many of the same priorities that they do, many security pros are losing faith that their non-security colleagues understand the threat that their organizations face today. Only 25% of respondents said their non-security managers and colleagues understand the current threat and support security efforts at their organization; this is down from 31% last year. An additional 10% said their non-security colleagues understand the threat but have to be dragged into security conversations (up from 9% last year). (See Figure 11.)

Exactly what is the threat that security pros want their colleagues to understand? By far, the attacker that Black Hat Attendee Survey respondents fear most is the one who has inside knowledge of their organization (36%). Some security pros are more worried about attackers who have strong backing by organized crime or nation-states (18%); others are concerned about attackers who
have highly sophisticated attack skills (15%). In general, though, respondents were most concerned about insiders or attackers who know the most about their organizations.

Figure 8: Of the following threats and challenges, which are of the greatest concern to you?
Response | 2016 | 2015
Phishing, social network exploits, or other forms of social engineering | 46% | 46%
Sophisticated attacks targeted directly at the organization | 43% | 57%
Security vulnerabilities introduced by my own application development team | 20% | 20%
Data theft or sabotage by malicious insiders in the organization | 19% | 17%
Espionage or surveillance by foreign governments or competitors | 16% | 20%
Accidental data leaks by end users who fail to follow security policy | 15% | 21%
Polymorphic malware that evades signature-based defenses | 15% | 20%
Ransomware or other forms of extortion perpetrated by outsiders | 15% | N/A
The effort to accurately measure my organization's security posture and/or risk | 13% | N/A
Attacks or exploits on cloud services, applications, or storage systems used by my organization | 11% | 16%
Internal mistakes or external attacks that cause my organization to lose compliance with industry or regulatory requirements | 11% | 14%
Security vulnerabilities introduced through the purchase of off-the-shelf applications or systems | 11% | 13%
Surveillance by my own government | 10% | 9%
Data theft, sabotage, or disclosure by hacktivists or politically-motivated attackers | 9% | 12%
The effort to keep my organization in compliance with industry and regulatory security guidelines | 9% | N/A
Digital attacks on non-computer devices and systems (the Internet of Things) | 9% | 7%
Attacks or exploits brought into the organization via mobile devices | 9% | 8%
Attacks on suppliers, contractors, or other partners that are connected to my organization's network | 7% | 12%
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

What will security pros worry most about in the future? For the second straight year, the security of non-computer devices and systems (the Internet of Things) was cited as the most critical issue that respondents believe they will worry about two years from now. The percentage of respondents who gave this response dropped significantly, to 28% from 36% a year ago, but IoT remained the most frequently cited concern on the horizon. This is a fascinating response because IoT barely registers as a concern (9%) among current threats. Clearly, security professionals expect IoT security to become a crucial issue over the next two years. (See Figure 12.)

Conclusion

Perhaps the most important conclusion we can draw from the 2016 Black Hat Attendee Survey is that the pressures on security professionals are not letting up; in fact, they are intensifying. In nearly every question and
category, Black Hat attendees indicated that their environments are more at risk this year than they were last year, yet the availability of resources and skills has actually decreased. The shortage of people and skills clearly jumped out as the most important issue identified in this year's survey.

To compound the resource shortage, today's security pros are also facing an increasing gap between the priorities they themselves set for the security department and the priorities of those who control their time, people, and budgets. While they might be lying awake nights worrying about social engineering or targeted attacks, their days are spent mostly in more mundane tasks, such as maintaining compliance or troubleshooting internally developed applications.

To gain ground on the bad guys, security teams will have to find new ways to staff and fund their initiatives, perhaps through additional automation and by reducing the requirement for highly developed skills. Security pros will also need to examine new technologies and practices that can reduce the need for staffing and budget, as well as new ways to make their existing team more cost-efficient.

Figure 9: Which consume the greatest amount of your time during an average day?
Response | 2016 | 2015
The effort to accurately measure my organization's security posture and/or risk | 35% | N/A
The effort to keep my organization in compliance with industry and regulatory security guidelines | 32% | N/A
Security vulnerabilities introduced by my own application development team | 27% | 35%
Phishing, social network exploits, or other forms of social engineering | 25% | 31%
Security vulnerabilities introduced through the purchase of off-the-shelf applications or systems | 21% | 33%
Internal mistakes or external attacks that cause my organization to lose compliance with industry or regulatory requirements | 19% | 30%
Accidental data leaks by end users who fail to follow security policy | 19% | 26%
Sophisticated attacks targeted directly at the organization | 11% | 20%
Attacks or exploits on cloud services, applications, or storage systems used by my organization | 9% | 11%
Ransomware or other forms of extortion perpetrated by outsiders | 9% | N/A
Attacks or exploits brought into the organization via mobile devices | 7% | 8%
Espionage or surveillance by foreign governments or competitors | 7% | 8%
Data theft or sabotage by malicious insiders in the organization | 7% | 7%
Attacks on suppliers, contractors, or other partners that are connected to my organization's network | 6% | 8%
Polymorphic malware that evades signature-based defenses | 6% | 14%
Data theft, sabotage, or disclosure by hacktivists or politically-motivated attackers | 4% | 6%
Surveillance by my own government | 3% | 2%
Digital attacks on non-computer devices and systems (the Internet of Things) | 3% | 6%
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

APPENDIX

Figure 10: Which are of greatest concern to your company's top executives or management?
Response | 2016 | 2015
Sophisticated attacks targeted directly at the organization | 33% | 44%
The effort to keep my organization in compliance with industry and regulatory security guidelines | 28% | N/A
Phishing, social network exploits, or other forms of social engineering | 24% | 27%
Accidental data leaks by end users who fail to follow security policy | 20% | 27%
The effort to accurately measure my organization's security posture and/or risk | 19% | N/A
Data theft or sabotage by malicious insiders in the organization | 17% | 29%
Internal mistakes or external attacks that cause my organization to lose compliance with industry or regulatory requirements | 16% | 27%
Data theft, sabotage, or disclosure by hacktivists or politically-motivated attackers | 14% | 17%
Espionage or surveillance by foreign governments or competitors | 13% | 17%
Ransomware or other forms of extortion perpetrated by outsiders | 10% | N/A
Security vulnerabilities introduced by my own application development team | 9% | 14%
Attacks or exploits on cloud services, applications, or storage systems used by my organization | 7% | 12%
Polymorphic malware that evades signature-based defenses | 5% | 10%
Attacks on suppliers, contractors, or other partners that are connected to my organization's network | 4% | 7%
Security vulnerabilities introduced through the purchase of off-the-shelf applications or systems | 4% | 8%
Attacks or exploits brought into the organization via mobile devices | 3% | 5%
Digital attacks on non-computer devices and systems (the Internet of Things) | 3% | 3%
Surveillance by my own government | 1% | 3%
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

Figure 11: Do non-security professionals in your organization understand the IT security threat that your organization faces today?
Response | 2016 | 2015
Yes, and they are supportive of IT security initiatives | 25% | 31%
Yes, but they have to be dragged into the security discussion | 10% | 9%
It's a mixed bag; some of them are, some of them aren't | 46% | 41%
There are a few who get it, but most of them are clueless | 17% | 17%
What threats? | 2% | 2%
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

Figure 12: Which do you believe will be of greatest concern two years from now?
Response | 2016 | 2015
Digital attacks on non-computer devices and systems (the Internet of Things) | 28% | 36%
Espionage or surveillance by foreign governments or competitors | 24% | 26%
Sophisticated attacks targeted directly at the organization | 24% | 33%
Phishing, social network exploits, or other forms of social engineering | 20% | 22%
Attacks or exploits brought into the organization via mobile devices | 19% | 22%
Attacks or exploits on cloud services, applications, or storage systems used by my organization | 18% | 24%
Polymorphic malware that evades signature-based defenses | 16% | 22%
Surveillance by my own government | 16% | 15%
Ransomware or other forms of extortion perpetrated by outsiders | 15% | N/A
Data theft or sabotage by malicious insiders in the organization | 13% | 9%
Data theft, sabotage, or disclosure by hacktivists or politically-motivated attackers | 13% | 12%
The effort to accurately measure my organization's security posture and/or risk | 9% | N/A
Accidental data leaks by end users who fail to follow security policy | 7% | 10%
Attacks on suppliers, contractors, or other partners that are connected to my organization's network | 7% | 13%
Internal mistakes or external attacks that cause my organization to lose compliance with industry or regulatory requirements | 7% | 8%
Security vulnerabilities introduced by my own application development team | 7% | 7%
The effort to keep my organization in compliance with industry and regulatory security guidelines | 6% | N/A
Note: Maximum of three responses allowed
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016