Executive summary: 2018 Cyberthreat Defense Report


Upload: dangnguyet

Post on 28-Aug-2018


Platinum sponsor:

Survey Demographics

- Responses from 1,200 qualified IT security decision makers and practitioners
- All from organizations with more than 500 employees
- Representing 17 countries across North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa
- Representing 19 industries

“In 2018, there is a new king of security inhibitors – ‘lack of skilled personnel’ … the aggregate data from this year shows the staffing challenge to be most acute for security administrators, with just shy of one-third (32.3%) of respondents selecting that role as a problem area for their organization.”

– 2018 CDR

CyberEdge Group’s fifth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,200 IT security decision makers and practitioners conducted in November 2017, the report delivers countless insights that IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.

Notable Findings

- Malware is “king of pain.” Of 11 categories of cyberthreats, malware is the greatest concern for responding organizations, followed closely by ransomware and phishing.
- Patch management woes. More than four in five organizations (83.4%) are experiencing challenges when it comes to patching known vulnerabilities in a timely manner, with “infrequent windows to take production systems offline” cited as the biggest obstacle.
- Threat hunting off target. Less than a third of respondents are confident their organization’s investment in cyberthreat hunting solutions is sufficient.
- Security budgets on the rise. The average security budget is increasing 4.7% in 2018 and represents, on average, 12% of an organization’s overall budget for IT.
- Security skills in short supply. More than four in five organizations (80.9%) are experiencing a shortfall of skilled IT security personnel, with the education (87.1%) and telecom/technology (85.1%) verticals being the hardest hit.

Breaches are Inevitable

The conclusion that no organization is immune from cyberattacks has never been clearer. When asked to estimate the number of times their organization’s network was compromised by a successful cyberattack within the past year, just over three-quarters (77.2%) of respondents admitted to at least one such incident, while more than a quarter (27.4%) fell into the unenviable category of having been breached more than six times. The prospects for the coming year are equally daunting, as only 12.8% consider it “not likely” that their organizations will be breached in 2018. As for types of cyberthreats causing the greatest concern for today’s security practitioners, malware once again earned the “king of pain” title, followed by ransomware and phishing/spear-phishing attacks (see Figure 1).

Figure 1: Cyberthreats causing the greatest concern

2018 Cyberthreat Defense Report: Executive Summary. A CyberEdge Group Report

About CyberEdge Group

CyberEdge Group is an award-winning research, marketing, and publishing firm serving the needs of information security vendors and service providers. Our expert consultants give our clients the edge they need to increase revenue, defeat the competition, and shorten sales cycles. For information, connect to our website at www.cyber-edge.com.

© 2018 CyberEdge Group, LLC. The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC. All other trademarks and service marks are the property of their respective owners

Figure 2: Inhibitors to establishing effective cyberthreat defenses

Overcoming Security’s Top Obstacles

Again this year, respondents rated lack of skilled personnel, low security awareness among employees, and too much data to analyze as the greatest inhibitors to their organizations’ ability to set up effective cyberthreat defenses (see Figure 2). Also worth noting is “lack of effective solutions available in the market” jumping up five spots from last year to land in fourth place this time around. Given these and other key findings, such as ongoing struggles with patching vulnerabilities and reducing attack surface, it seems clear that what security teams need most at this point is a way to simply “get the job done.” More specifically, they need a security architecture/platform that enables individual security products to work well together, for example by offloading/optimizing their operation and simplifying the introduction of new security tools/technologies, while enabling orchestration and automation to reduce not only incident response times, but also the dependency on skilled operators.

Exposing and Containing Digital Risk

More than nine in 10 respondents acknowledged their organizations have significant challenges related to cloud security – with maintaining data privacy, controlling access, and monitoring for threats at the top of the list. An eye-opening finding, we also consider it symptomatic of a greater issue. A common underlying characteristic of all major IT trends – be it greater use of cloud services, the Internet of Things, the API economy, or digital transformation in general – is the increasingly seamless movement of data among entities. And along with this expansion and acceleration of data movement comes a corresponding increase in digital risk: a greater dependency on such data exchanges happening in the first place, and a greater susceptibility to failure when they don’t. Counteracting this risk and adequately securing your valuable information under such circumstances depends in large part on having a foundation of pervasive visibility, where all relevant details of data movement across all of an organization’s physical, virtual, and cloud infrastructure are efficiently “gathered once and distributed many” to the prevention, detection, prediction, and containment tools required to achieve a Defender Lifecycle Model (www.gigamon.com/defender-lifecycle).

Complimentary Report

For a complimentary copy of the full 2018 Cyberthreat Defense Report, connect to: www.gigamon.com/cdr2018.

About Gigamon

Gigamon is the company driving the convergence of networking and security. We make threats more visible with the GigaSECURE® Security Delivery Platform, a next-generation packet broker purpose built for security. Whether on-premises, virtual or in the cloud, organizations use a single platform for visibility, to stop tool sprawl and save costs. Learn how you can make your infrastructure more resilient, more agile and more secure at www.gigamon.com.