Professionals Say Network Security is Getting Harder

A  survey conducted by Bricata, a network security company, found 64% of security professionals said network security is getting harder and a fifth of all respondents it is getting significantly harder. 

That’s probably not surprising, but what’s more important is understanding “Why?” and twenty-nine respondents gave answers as to why security is getting harder. 

 

Here are those answers.

1) Attacks are more sophisticated.
Spending and awareness at the executive level continues to grow, however attacks and exploits are becoming increasingly more advanced and difficult to defend or protect from.
2) More vectors of attack. 
The risks to networks have become more significant from other attack vectors than a specific network intrusion. Some of those vectors are becoming harder to manage, can affect networks, but I wouldn’t refer to them solely as network security issues.
3) Organic network sprawl.
More things keep getting added to the network and more computer systems proliferate throughout offices with more vulnerabilities.
4) Business acquisitions and cloud add to the network.
Acquisitions have made it more challenging. Supporting both AWS and Microsoft Azure cloud services also testing our support limits as development rushes into this space headlong. Where responsibilities moved from a traditional hardware stack to Amazon Web Services (AWS). Network security in AWS is a whole new ballgame to learn.
5) Zero trust. 
The perimeter is now fluid. With the onset of mobile devices, IoT and remote workforce, end users are requiring access from anywhere, at any time with the same functionality provided from an office workstation on the network.
 And there have more deep hackings into previously thought solid safe spaces.
6) Lack of network visibility.
It’s due to moving services to clouds and using end-to-end encryption, it is not easy to see what is going on there.
7) Threat actor collaboration.
The bad guys are working together more than us good guys.
8) Training hasn’t kept pace with attacks. 
It doesn’t feel like training or education is keeping pace for defenders with what attackers are capable of doing.
9) Hackers have tools too.
Hackers are using more complex and comprehensive tools and internal users are seemingly less aware of what they do to reduce protection.
10) Third-party and supply chain threats
There is an increase in threats from third-party networks and IoT devices.
11) Ransomware variants. 
Ransomware variants are growing, and threats are evolving.
12) User error and complacency. 
Still having issues with user errors; challenges of attacks are getting more sophisticated.
Threats are not going away, and people are becoming to a point more complacent.
13) Security is playing catch up.
We are playing catch up because security wasn’t a priority with this company until recently.
14) State-sponsored attacks. 
An increase in threats, state-sponsored attacks.

Bricata:              Image: Nick Youngson

You Might Also Read:

Over 90% Of Security Pros Fear Insider Threats:

 

« US Cyber Strike On Iran Is A Step Change
Most Cyber Insurance Claims Result from Human Error »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

Aryaka

Aryaka

Aryaka’s SmartServices offer connectivity, application acceleration, security, cloud networking and insights leveraging global orchestration and provisioning.

IronClad Encryption (ICE)

IronClad Encryption (ICE)

Ironclad Encryption is Dynamic Encryption. The encryption sequence changes continuously so there is never a correlation between data sent and data received.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Terra Quantum

Terra Quantum

Terra Quantum is a deep tech pioneer, developing revolutionary quantum applications to shape the technology of the future.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

Red Maple Technologies

Red Maple Technologies

Started and run by engineers from the UK Intelligence and Defence communities, Red Maple is a technical consultancy and product company.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.

Security4Media

Security4Media

Security4Media is a non-profit association set up to reduce risks and support trust in media, in the face of increasing cybersecurity threat levels.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.