Report reveals top pressures security professionals face when fighting cybercrime
By Canadian SecurityNews Data Security cybercrime trustwave
Trustwave has released the second-annual 2015 Security Pressures Report, based on a survey of 1,016 information security professionals, that measures how much pressure in-house information security professionals are facing and the key drivers of that pressure. It also offers recommendations to help businesses make better decisions regarding their security programs.
The new report reveals businesses were under increased pressure to secure their organizations in 2014 and expect that pressure to increase in 2015. Respondents also reported pressure to roll out IT projects such as cloud and mobile applications despite having unresolved security issues; the pressures of being understaffed while security threats mount; increasing pressure from C-level executives to protect information while being resource-constrained; and more.
Key findings from the 2015 Security Pressures Report include:
· Pressure is on: 54% of IT and security pros felt more pressure to secure their organizations in 2014. 57% of respondents expect to experience more pressure to secure their organization in 2015.
· Differing perspectives: 64% of enterprise respondents foresee increasing pressure in 2015, compared to 48% of small- and medium-sized businesses (SMBs).
· Corner-office commands: 61% of respondents said they felt the most pressure from owners, board and C-level executives – up from 50% last year.
· Jumping the gun: 77% of respondents said they had been pressured to unveil IT projects that were not security ready.
· False sense of security: 70% respondents believed they were safe from cyber-attacks and data compromises.
· Send in the reserves: 84% wanted the size of their IT security team increased; 54% wanted the size doubled and 30% wanted it quadrupled (or more than quadrupled).
· Breaking in: 62% of respondents were most pressured by external threats versus internal threats.
· Cloudy forecast: Among emerging technologies, 47% of IT and security pros were most pressured to use or deploy the cloud in 2014, up from 25% in 2013.
· Reaching out for help: 78% of respondents are likely or plan to partner with a Managed Security Services Provider (MSSP) in the future.
“All signs point to turbulent times for IT and security professionals, and our findings back this up,” said John Amaral, Senior Vice President of Product Management at Trustwave. “Overall, pressures for IT and security professionals increased from 2013 to 2014 and even more distress is expected in 2015. The report also finds that the decisions security pros make are not necessarily the ones they want to make, and many report they do not have enough resources and in-house skills to deploy a defense-in-depth security program without confronting a mountain of pressure while doing it.”
“The pressures IT professionals face are growing: cybercriminals are increasingly crafty, new attack vectors are emerging, budgets are tight, skills are at a premium, security policies are either incomplete or disregarded, and many security solutions are proving too complex to manage or too basic to be useful against a professional adversary,” said Christina Richmond, Program Director, Security Services at IDC. “These pressures are driving businesses to increasingly look to partner with managed security services providers who can help control complexities related to security technologies as well as mitigate and respond to advanced security threats.”
Trustwave commissioned a third-party research firm to independently conduct the survey. Respondents included 1,016 full-time IT managers, directors, CISOs, CIOS and other decision-making IT and security professionals in the United States, United Kingdom and Canada. The survey was conducted between December 2014 and January 2015. Unlike last year’s report, in addition to revealing the global findings, the 2015 Security Pressures Report also breaks down findings from respondents in small-medium sized businesses (less than 1,000 employees) and enterprises (more than 1,000 employees).
Print this page