IT security pros face more pressure: Trustwave report
By Canadian Security
The 2016 Security Pressures Report delves into the pressures faced by IT security professionals – from data breaches to the board room. The study shows a rise in both the current and expected pressures in the IT security career field and offers ways for security professionals to mitigate the increasing tensions.
By Canadian Security
Produced by Trustwave, the report is based on a survey of 1,414 in-house information security professionals.
“Security professionals live in a unique and stressful environment, defined by conflict with faceless attackers as well as internal threats,” said Steve Kelley, chief marketing officer at Trustwave. “Businesses rely on information security more than ever before and the pressure to show measurable success is taking a toll on security practitioners.”
Trustwave found that Internet of Things (IoT) is the emerging technology respondents feel the second-most pressure to adopt/deploy, behind the cloud. Respondents rate it the second riskiest emerging technology, also behind the cloud.
Key findings from the 2016 Security Pressures Report from Trustwave include:
• Under pressure: 63 per cent of information security professionals felt more pressure to secure their organizations in 2015 compared to the previous 12 months, and 65 per cent expect to feel additional pressure this year. Those numbers grew 9 per cent and 8 per cent, respectively, compared to last year.
• Skills gap: Shortage of security expertise has climbed from the eighth-biggest operational pressure facing security pros to the third-biggest, behind advanced security threats and adoption of emerging technologies.
• Board burden: 40 per cent of respondents feel the most pressure in relation to their security program either directly before or after a company board meeting – 1 per cent higher than how they feel after a major data breach hits the headlines.
• Detection trumps prevention: The largest security responsibilities facing 54 per cent respondents are related to detection of vulnerabilities, malware and compromised systems.
• Moved to managed: The number of respondents who either already partner or plan to partner with managed security services providers has climbed from 78 per cent to 86 per cent.
• Not ready for prime time: 77 per cent of respondents (nearly four in five) are pressured to unveil IT projects that aren’t security ready.
• Data and DDoS gloom: Customer data theft and intellectual property theft remain the top two worrying outcomes following an attack or data breach, but a disabled corporate website is the biggest riser (from 7 per cent to 13 per cent).
• Early termination: Job loss remains as the third-highest post-breach repercussion fear, but has grown from 8 per cent to 11 per cent. It sits behind reputation damage and financial damage to one’s company, respectively.
“The widening gulf between the expected outcomes and the struggle to maintain adequate solutions and staff is driving businesses, now as many as 86 per cent of them, to partner with a managed security services provider to relax the pressures and help them achieve their cyber security goals,” says Kelley.
In addition to providing year-over-year comparisons of 2014 and 2015, the third-annual report adds previously unmeasured insight related to cyber security pressures, including new data and regional viewpoints. In addition to respondents from the United States, Canada and the United Kingdom, the 2016 report features 398 Asia Pacific respondents – from Australia and Singapore – and adds new questions that address the timing of increased pressure, job security, and specific security threats that pose the greatest challenges to security practitioners.