New Report Highlights Wide Ranging Cybersecurity Challenges

Cybersecurity Ventures has released its Cybersecurity Market Report for Q3 2015 which provides an overview of software development and application security trends, statistics, best practices, and resources. 

- “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understand software development – and most software developers don’t understand security.

- The U.S. Department of Homeland Security (DHS) states that 90 percent of security incidents result from exploits against defects in software.

- The National Security Agency’s (NSA) Center for Assured Software (CAS) reported that the total code coverage area of the average application security testing tool is only 14 percent.

- According to IDC, the hot areas for growth are security analytics / SIEM (10 percent); threat intelligence (10 percent +); mobile security (18 percent); and cloud security (50 percent). 

- The network security sandbox market, which barely existed a few years ago, is set to grow immensely as advanced persistent threats (APTs) necessitate a behavioral approach to detecting malware. New analysis from Frost & Sullivan, “Network Security Sandbox Market Analysis”, finds that the market earned revenues of $537 million in 2014 and estimates this to exceed to $3.5 billion by 2019.

- IDC predicts that by the end of 2015, 20 percent of proprietary data in the cloud will be encrypted – and by 2018, that will quickly rise to 80 percent. The encryption software market is forecasted to be worth $4.82 Billion by 2019, according to Markets and Markets.

- According to the “World Economic Forum (WEF) Global Risks 2015 Report”, most cybercrime incidents go unreported, and few companies come forward with information on their losses. That is not surprising given the risk to an organization’s reputation and the prospect of legal action against those that own up to cybercrime.

- TechSci Research says the banking and financial services sector has been the prime target of cyber criminals over the last five years, followed by IT & telecom, defense, and the oil and gas sector.

- Cybercriminals stole up to $1 billion from approximately 100 financial institutions in the U.S., Germany, Russia, Ukraine, and China over a two-year period, according to researchers from security firm Kaspersky Lab.

- Alcatel-Lucent’s Motive Security Labs estimates that last year 16 million mobile devices worldwide have been infected by malicious software – or “malware” – used by cybercriminals for corporate and personal espionage, information theft, denial of service attacks on businesses and governments, and banking and advertising scams.

- According to “Verizon’s 2015 Data Breach Investigations Report”, which analyzes security incidents that happened last year, the top five affected industries by number of confirmed data breaches were: public administration, financial services, manufacturing, accommodations and retail.

- PwC says adoption of cyber insurance as a tool to help manage security risks continues to rise. More than half (51 percent) of respondents say they have purchased cybersecurity insurance, according to the “PwC 2015 Global State of Information Security Survey”. And among those that have done so, many are taking steps to enhance their security posture in order to lower their insurance premium.

- “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million” stated Michael Brown, CEO at Symantec, the world’s largest security software vendor.

- More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018.

- According to a recent report from DICE, a leading IT job board, the top five IT security salaries are: No. 1 – lead software security engineer at $233,333; No. 2 – chief security officer at $225,000; No. 3 – global information security director at $200,000; No. 4 – chief information security officer at $192,500; and No. 5 – director of security at $178,333.

- According to a 451 Research Q2 2015 study, based on responses from over 1,000 IT professionals, primarily in North America and EMEA, security managers reported significant obstacles in implementing desired security projects due to lack of staff expertise (34.5 percent) and inadequate staffing (26.4 percent). Given this challenge, only 24 percent of enterprises have 24×7 monitoring in place using internal resources.

- EMC’s inaugural “RSA Cybersecurity Poverty Index” that compiled survey results from more than 400 security professionals across 61 countries, states the greatest weakness of the organizations surveyed is the ability to measure, assess and mitigate cybersecurity risk with 45 percent of those surveyed describing their capabilities in this area as “non-existent,” or “ad hoc,” and only 21 percent reporting that they are mature in this domain.