Story image

IT pros need to reassess security approach as stakes get higher

27 May 2016

IT professionals need to take a look at how they’re approaching security as the stakes continue to get higher, according to a new study by CompTIA. 

The nonprofit association for the technology industry says many businesses still lag in readiness when it comes to cyber security, with technology professionals noting many steps that could be taken to improve a company’s security.

Just over half of the 500 security professionals surveyed for the Practices of Security Professionals study say their company has altered its security approach based on changes in IT operations; such as relying on more cloud-based solutions or making wider use of mobile devices and apps.

“Far more than half of all companies have adopted cloud computing and mobile devices,” explains Seth Robinson, senior director, technology analysis, CompTIA.

“This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities,” he says.

According to the report. nine in 10 IT professionals say security is of greater importance today to their companies than it was two years ago. While some improvements in security have been noted, there remains a wide swath of companies that could improve their standing, along with those that may be over-estimating their readiness.

“Simply placing a higher priority on security may not lead to improved measures,” Robinson notes.

“Companies may not fully understand the nature of modern threats. It’s incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken.”

An Abundance of Challenges

Robinson says IT professionals tasked with keeping digital assets safe face a multitude of challenges.

The survey found just under half (47%) say there’s a belief within their company that existing security is “good enough.” For 43%, other technology needs take a higher priority than security. Four in 10 cite a lack of security metrics; while a slightly smaller percentage (37%) point to a lack of budget dedicated to security.

The report reveals challenges extend to finding qualified security workers at a time when the demand for security skills is increasing.

For example, job postings in the category “Information Security Analysts” rose 175% between Q1 2012 and Q1 2015, according to the Bureau of Labor Statistics.

Within the cybersecurity workforce there are skills gaps to close, too. Among companies with skills gaps, 53% want to be more informed about current threats.  About 40 % feel that they need to improve their awareness of the regulatory environment.

“The use of technology has outpaced cybersecurity literacy, so there’s also a growing need for the overall workforce to improve their knowledge and awareness of security issues,” Robinson explains.

Two-thirds of companies are engaged in security training for employees, making it the most popular option for building the right security skills within an organisation, the study found.

The study also found that 56% of firms will seek out IT security certifications for their technology staff.

Universal Robots aims for A/NZ growth with new hire
Peter Hern takes on the role of leading customer support, sales and partner development for Universal Robots in Australia and New Zealand.
Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
DOCOMO ranked world's top mobile operator in 5G SEP applications
NTT DOCOMO has been ranked the world's leading mobile operator in terms of applications for candidate standard-essential patents.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.
Gartner’s top 10 data and analytics trends for 2019
Data is the fuel for the modern world, and analytics the engine. Gartner has compiled the top 10 trends to watch this year.