IT Pro’s Security Concerns for 2016 Probed by Spiceworks Survey

A new IT security report issued by Austin-based IT firm Spiceworks indicates 80% of organizations have suffered an IT security incident this year.

The company conducted a survey of 200 U.S. IT professionals to find out more about the security incidents suffered in 2015 and to gather opinions on the biggest data security threats for 2016.

This year was challenging for IT professionals, with numerous IT security incidents suffered. In spite of this, optimism appears to be high. 71% of respondents said they are planning to increase security in 2016 to deal with cybersecurity threats, and next year should see them much better prepared to deal with security threats.

The Biggest Data Security Threats in 2015

In 2015, the biggest security threats came from malware, with 51% of organizations reporting they had suffered a malware attack during the past 12 months. Phishing is still a major problem, with 38% of organizations reporting a phishing incident, while spyware infections were reported by 34% of respondents.

Interestingly, when it came to the biggest threats for 2016, 80% of IT professionals said their biggest security concern was end users. End users are viewed as the weakest link in the security chain as they lack understanding of the seriousness of security threats. They also lack the knowledge to deal with those threats, and there is resistance to security solutions and policies put in place to deal with security risks.

Perceived Major Security Risks for 2016

Respondents indicated they are very or extremely concerned about the following data security threats over the coming 12 months:

  • 53% were concerned about ransomware
  • 49% said independent hackers were a major security risk
  • 48% said shadow IT was a serious security risk (non-authorized software installations/hardware used by employees)
  • 39% were concerned about data leaks and data loss
  • 38% were concerned about spyware
  • 34% were concerned about “rogue employees”
  • 37% were concerned about password breaches
  • 25% believed organized criminal groups were a major concern
  • 12% were concerned about cyber-terrorist groups
  • 10% said hacktivists were a major cause for concern

Hardware Most Likely to be Involved in Security Breach

  • Laptops – 81%
  • Desktops – 73%
  • Smartphones – 70%
  • Servers – 49%
  • IoT devices – 49%
  • Wireless access points – 47%
  • Tablets – 42%
  • Routers and switches – 38%

What Actions are Being Taken to Address Security Risks in 2016

The most common measure being taken by organizations to address risk is the updating of hardware and software. 76% of organizations said this was one of the main ways they would be addressing security risk over the course of the next 12 months.

Respondents indicated that action was being taken to address the risk from end users. 73% of organizations said they planned to tackle the issue by enforcing end user security policies, while 72% of organizations said they would be conducting regular training sessions to educate staff members on the biggest data security threats. Training sessions were planned to help staff members identify phishing emails and avoid malware.

End users may be the biggest challenge, although IT security professionals will also be receiving further training to ensure they are up to speed on the latest security threats. 66% of organizations are planning to spend more time learning about new security threats and six out of 10 organizations will be regularly evaluating new security solutions to deal with threats as they are identified.

69% of organizations will be taking action to restrict access to corporate resources and will manage access more rigorously. 52% of respondents are planning to restrict BYOD further in 2016. 54% of IT professionals claimed a lack of time and resources to secure networks was a major challenge, while 46% claimed they had an inadequate budget allocated for security solutions.

The full report can be downloaded here.

IDC Report Indicates Major Data Breaches Are Likely to Continue in 2016


A new IDC report suggests that major data breaches will continue over the next five years, and approximately a quarter of the world’s population will become victims of data breaches by 2020. IDC researchers estimate that by the end of 2020, over 1.5 billion data breach victims will have been created.

IDC Program Vice President, Security Products and Services, Christian A. Christiansen, pointed out that while criminals are still targeting organizations for credit card data, healthcare information is increasingly being sought by cybercriminals due to the length of time that the data can be used. Credit cards are canceled within a matter of hours after the first fraudulent purchase is made, while health information and Social Security numbers have a “lifespan of months, years, or even decades.”

Consequently, cybercriminals will continue to target healthcare providers and health insurers due to the high value of their stored data. 2015 was a bad year for data breaches, but the next five years are unlikely to be much better.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.