A whopping 94% of security professionals surveyed said they are optimistic that their ability to prevent security breaches will improve in 2015.
Bold Words
81% of them said they would "personally guarantee" the safety of their customers' data in 2015.
Malware Prevention a Top Priority
70% of respondents said they will deploy advanced security defenses for rapidly detecting sophisticated malware, topping the list of planned investments.
Security Investments Abound
The majority of respondents plan to invest in prioritizing threats (58%), updating security policies (56%), subscribing to threat intelligence services (54%) and replacing ineffective endpoint solutions (51%).
Tiny Status Quo
Just 3% of respondents said they see no need to make any changes to their security programs.
More Attacks Expected
68% of respondents said their company is more likely to be targeted by cyber-attackers in 2015; only 10% said such attacks are less likely.
CISOs Boost Awareness …
Companies that employ a CISO are much more likely to expect a cyber-attack (73%) than companies that lack a CISO (48%).
… and Confidence
96% of companies with CISOs are optimistic that their breach-prevention capabilities will improve in 2015, with 85% personally guaranteeing the safety of customer data.
Focus on Sophisticated Attacks
Respondents are more concerned about advanced persistent threats (65%) and targeted malware attacks (61%) than they are about less sophisticated attacks such as spear phishing (42%) and insider threats (33%).
Mobile Barely on Radar
Despite the growth of BYOD and widespread awareness of its risks, only 22% cited mobile threats as a top concern.
Support From Above Expected
Nearly all respondents said they expect senior management to be more responsive to security recommendations, regardless of whether their organization employs CISOs (98%) or not (95%).
The IT security landscape in 2015 is setting up to be a study in contrasts: Confidence is high among security professionals, even though they expect to be victimized by more attacks, and, as a result, they are planning to significantly beef up their defenses during the coming year. Such is the takeaway from a recent survey of 250 IT security professionals conducted by security vendor ThreatTrack Security. The confidence expressed by the respondents seems to contradict a market that was shaken by a series of headline-grabbing data breaches during 2014. Julian Waits, CEO of ThreatTrack, believes that the findings hint at a welcome combination of confidence and practicality. "The overwhelming optimism that the survey respondents showed seems to indicate a growing confidence in newly available predictive security analytics tools that may help them to more quickly identify attack campaigns in progress," Waits said. "At the same time, they indicated that they are aware of the increased risk of attacks that they will almost certainly face in 2015, which goes to show that they aren't operating with their heads in the sand." One additional consideration the survey unearthed: Companies that employ a chief information security officer (CISO) appear to possess more awareness of the potential for attacks and a slightly higher level of confidence.
Tony has been writing about the intersection of technology and business for more than 20 years and currently freelances from the Grass Valley, Calif., home where he and his wife are raising their two boys. A 1988 graduate of the University of Missouri-Columbia School of Journalism and regular contributor to Baseline since 2007, Tony's somewhat infrequent Twitter posts can be found at http://twitter.com/tkontzer.