Making security a high priority may not lead to improved measures
Technology professionals see many steps that could be taken to improve their company’s security. Just over half of the 500 security professionals surveyed by CompTIA say their company has altered its security approach based on changes in IT operations; such as relying on more cloud-based solutions or making wider use of mobile devices and apps.
“Far more than half of all companies have adopted cloud computing and mobile devices,” noted Seth Robinson, senior director, technology analysis, CompTIA. “This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities.”
Nine in 10 IT professionals say security is of greater importance today to their companies than it was two years ago. While some improvements in security have been noted, there remains a wide swath of companies that could improve their standing, along with those that may be over-estimating their readiness.
“Simply placing a higher priority on security may not lead to improved measures,” Robinson said. “Companies may not fully understand the nature of modern threats. It’s incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken.”
An abundance of challenges
IT professionals tasked with keeping digital assets safe face a multitude of challenges. Just under half (47 percent) say there’s a belief within their company that existing security is “good enough.” For 43 percent, other technology needs take a higher priority than security. Four in 10 cite a lack of security metrics; while a slightly smaller percentage (37 percent) point to a lack of budget dedicated to security.
Challenges extend to finding qualified security workers at a time when the demand for security skills is increasing. For example, job postings in the category “Information Security Analysts” rose 175 percent between Q1 2012 and Q1 2015, according to the Bureau of Labor Statistics.
Within the cybersecurity workforce there are skills gaps to close, too. Among companies with skills gaps, 53 percent want to be more informed about current threats. About 40 percent feel that they need to improve their awareness of the regulatory environment.
“The use of technology has outpaced cybersecurity literacy, so there’s also a growing need for the overall workforce to improve their knowledge and awareness of security issues,” Robinson added.
Two-thirds of companies are engaged in security training for employees, making it the most popular option for building the right security skills within an organization. The study also found that 56 percent of firms will seek out IT security certifications for their technology staff.