Feeling pressured to keep your organization secure? You are not alone.
According to a survey conducted as part
of Trustwave’s ‘2015 Security Pressures Report’, 54 percent of the more
than 1,000 IT professionals surveyed said they experienced more pressure
to secure their network in 2014 than they did in 2013. Fifty-seven
percent said they expect this year to be even worse. Just 11 percent
expect the amount of pressure they face to decline.
“A string of high profile data breaches
nabbed headlines in 2014,” said Josh Shaul, vice president of product
management at Trustwave. “Many called it the ‘year of the breach’. Due
to the string of breaches, more CEOs, C-level executives, board members
and others who had not thought about security before, are now paying
attention, wanting the IT team to do more to make sure their
organization isn’t the next victim.”
“They have seen the repercussions of a
major breach – financial, reputation, even job loss in some cases,” he
continued. “Based on what we have seen when working with businesses, the
conversation in the boardroom has changed. It’s no longer the board
asking the IT team ‘Are we secure?’ They are now asking, ‘How are we
secure? Show me’. The IT team has to create detailed presentations
showing what exactly they are doing to secure the organization.”
More than 60 percent of respondents felt
the most “people pressure” was exerted by their owners, board and
C-level executives — up from 50 percent the previous year. The amount of
pressure they expect to experience in 2015 varied depending on the size
of the organization, with 64 percent of enterprises foreseeing
increased pressure compared to 48 percent ofsmall to midsized businesses
(SMBs).
That pressure can have a real world
impact on product development, as 77 percent said they felt pressured to
release a product before it was security-ready.
“Attackers love to take advantage of
software and applications that contain coding deficiencies through which
they can launch exploits — and many companies are lending them a
helping hand,” according ot the Trustwave report. “For another year,
nearly four out of five security pros were pressured to prematurely roll
out IT projects, including applications, despite security concerns.”
The top operational pressures IT pros
faced related to their information security programs had to do with
emerging technologies (25 percent), advanced security threats (24
percent) and budgetary constraints (12 percent). Security product
complexity was cited by 11 percent.
Adding fuel to the fire is that many
people feel as though their teams are understaffed. Eighty-four percent
reported the need for additional help, with 54 percent of security
professionals wanting the size of their security team doubled. Thirty
percent said they wanted it quadrupled or more. Only 16 percent said the
size of their team was ideal.
Despite all this, there is a strain of
optimism running through those surveyed. Some 70 percent overall said
they are safe from cyber-attacks and data compromises.
“It’s definitely a false sense of
security,” Shaul said. “Too many organizations still have that ‘it won’t
happen to me’ mentality. Enterprises may think criminals will target
SMBs first because they don’t have as many security resources – an
assumption that’s false. Any organization that has lucrative data is
susceptible to becoming a data breach victim. It’s a matter of how
difficult the organization makes it for the criminal to break in. If
organizations have multiple layers of security in place and the
resources to continuously identify and remediate security weaknesses
across their infrastructure, criminals will move on to an easier
target.”
No comments:
Post a Comment