Cloud, Mobility Still Raise Fears, Says (ISC)2 Poll

Written by Lorna Garey
June 9, 2017

Among 1,900 security pros surveyed, data loss is a concern. Many are enlisting outside help.

Lorna Garey

Security surveys are a dime a dozen lately, and findings tend to reinforce a burning need for whatever the sponsor is selling. The 2017 Cyber Trends Report is different; it was produced by the 350,000-member Information Security Community on LinkedIn, in partnership with Crowd Research Partners and sponsored by international nonprofit (ISC)2, which issues the CISSP certification and other credentials. With 1,900 respondents, about half deploying a mix of in-house and outsourced IT security, it’s a realistic look at the landscape.

And it has some good news for partners with the right skills and portfolios.

The headline – albeit not all that surprising – finding is that just 38 percent of respondents are very or extremely confident in their overall security postures. The majority of organizations represented, 52 percent, are boosting their security budgets (already averaging 21 percent of the overall IT budget excluding headcount) by an average of 21 percent; top focus areas for that spend include cloud infrastructure (33 percent), cloud applications (28 percent), training/education (23 percent) and mobile devices (23 percent).

The big worry? Phishing combined with careless and malicious end users — a recipe for ransomware. To address concerns, a majority (54 percent) of respondents plan to train and certify existing IT staff to become security experts. That’s encouraging – we as an industry need to think differently about skills, and it will help with the huge shortfall – but it’s not a quick fix. Nearer term, 47 percent plan to procure and deploy additional security technology solutions, and 41 percent plan to initiate or expand partnerships with managed services providers. About a third predict a budget increase for managed security services over the next 12 months. The report has a section specifically discussing what customers look for in managed security services and is worth a read.

5 in 5

It’s been a while since I pulled together a security news roundup, so here are some interesting bits for partners.

Microsoft closed its acquisition of Hexadite, which uses AI to automate endpoint security, building on Redmond’s Windows Defender Advanced Threat Protection efforts. The Hexadite technology works with existing security tools, essentially using AI to evaluate alerts and free up human security analysts. It can help with worries over endpoint and BYOD security, and hopefully encourage Windows shops to upgrade to the latest versions.
Not to be outdone, Google announced new machine learning capabilities to help Gmail keep spam and phishing messages – a primary source of ransomware infections – from ever showing up in end-user inboxes; the company says it can deliver over 99.9 percent accuracy.
HP says printers are being used as attack vectors. At SC Media UK, the company’s print security adviser told attendees that “CISOs need to be aware that there is an ongoing growth in memory-based attacks.” See the details here. HP and other printer vendors have built security into newer devices, a good reason to upgrade. At the very least, make sure firmware is updated, disable physical ports and enable customers to provide end customers with passwords or PINs.
Cisco and IBM are combining security forces across products, services and threat intelligence. The companies jointly announced that Cisco’s security solutions will integrate with IBM’s QRadar and MSSP offerings, and that the IBM X-Force and Cisco Talos security research teams will begin collaborating on threat intelligence research and coordinating on major cybersecurity incidents.
Arbor Networks has released a new version of its on-premises, in-line DDoS prevention system with functionality that will be valuable to MSPs that manage the devices remotely and that offer multi-layer or hybrid DDoS managed services. The new Arbor APS v5.11 console provides centralized configuration and aggregated views of all DDoS attack activity and can manage as many as 50 APS devices.

Editor’s Notebook

Congratulations to my colleagues at Penton on announcing a new eBook, “The New Channel for the Digital Transformation Era;” a new video series; and 13 new members in our Technology Channel Think Tank. They include Dawn Lindsey, head of partner marketing and programs, BigCommerce; Sandra Glaser Cheek, vice president, global channel sales & marketing, Brocade; Jason Phipps, SVP global sales & marketing, Ciena; Bill Corbin, SVP alliances & strategic partnerships, CenturyLink; Craig Schlagbaum, VP, indirect channels, Comcast; Lief Koepsel, senior director, channel marketing, Fortinet; Jim Chow, head, global system integrator partnerships, Google Cloud; Andrew Pryfogle, SVP, cloud transformation, Intelisys, a ScanSource company; Sal Patalano, chief revenue officer, Lenovo Software; Christopher Rajiah, managing partner, Lanka Venture Partners; Karl Fahrbach, head of global channels general business & global channels, SAP; Greg Dixon, CTO & technology evangelist, ScanSource; and Shawn Toldo, VP WW solution partners, VMware.

The goal of the Think Tank is to enable businesses whose mission is to help end customers embrace digital innovations. The group’s 2017 agenda is devoted to helping the channel transition to new business models, embrace new partner types and attract a new generation of workers. This is especially critical when the channel is shifting from the sale of physical goods to the delivery of digital services.

Of course, that mission aligns with our Austin Channel Partners Evolution & SDxE combined event, and we’re pleased to welcome the Think Tank to Austin and a panel of members to the keynote stage. Stay tuned!

Follow editor in chief @LornaGarey on Twitter.