IT pros need to reassess security approach as stakes get higher
IT professionals need to take a look at how they're approaching security as the stakes continue to get higher, according to a new study by CompTIA.
The nonprofit association for the technology industry says many businesses still lag in readiness when it comes to cyber security, with technology professionals noting many steps that could be taken to improve a company's security.
Just over half of the 500 security professionals surveyed for the Practices of Security Professionals study say their company has altered its security approach based on changes in IT operations; such as relying on more cloud-based solutions or making wider use of mobile devices and apps.
"Far more than half of all companies have adopted cloud computing and mobile devices," explains Seth Robinson, senior director, technology analysis, CompTIA.
"This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities," he says.
According to the report. nine in 10 IT professionals say security is of greater importance today to their companies than it was two years ago. While some improvements in security have been noted, there remains a wide swath of companies that could improve their standing, along with those that may be over-estimating their readiness.
"Simply placing a higher priority on security may not lead to improved measures," Robinson notes.
"Companies may not fully understand the nature of modern threats. It's incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken.
An Abundance of Challenges
Robinson says IT professionals tasked with keeping digital assets safe face a multitude of challenges.
The survey found just under half (47%) say there's a belief within their company that existing security is "good enough." For 43%, other technology needs take a higher priority than security. Four in 10 cite a lack of security metrics; while a slightly smaller percentage (37%) point to a lack of budget dedicated to security.
The report reveals challenges extend to finding qualified security workers at a time when the demand for security skills is increasing.
For example, job postings in the category "Information Security Analysts" rose 175% between Q1 2012 and Q1 2015, according to the Bureau of Labor Statistics.
Within the cybersecurity workforce there are skills gaps to close, too. Among companies with skills gaps, 53% want to be more informed about current threats. About 40 % feel that they need to improve their awareness of the regulatory environment.
"The use of technology has outpaced cybersecurity literacy, so there's also a growing need for the overall workforce to improve their knowledge and awareness of security issues," Robinson explains.
Two-thirds of companies are engaged in security training for employees, making it the most popular option for building the right security skills within an organisation, the study found.
The study also found that 56% of firms will seek out IT security certifications for their technology staff.