How much pressure do infosec professionals face?
Businesses were under increased pressure to secure their organizations in 2014 and expect that pressure to increase in 2015, according to Trustwave.
Survey respondents also reported pressure to roll out IT projects such as cloud and mobile applications despite having unresolved security issues; the pressures of being understaffed while security threats mount; increasing pressure from C-level executives to protect information while being resource-constrained; and more.
Key findings:
Pressure is on: 54% of IT and security pros felt more pressure to secure their organizations in 2014. 57% of respondents expect to experience more pressure to secure their organization in 2015.
Differing perspectives: 64% of enterprise respondents foresee increasing pressure in 2015, compared to 48% of small- and medium-sized businesses (SMBs).
Corner-office commands: 61% of respondents said they felt the most pressure from owners, board and C-level executives – up from 50% last year.
Jumping the gun: 77% of respondents said they had been pressured to unveil IT projects that were not security ready.
False sense of security: 70% respondents believed they were safe from cyber-attacks and data compromises.
Send in the reserves: 84% wanted the size of their IT security team increased; 54% wanted the size doubled and 30% wanted it quadrupled (or more than quadrupled).
Breaking in: 62% of respondents were most pressured by external threats versus internal threats.
Cloudy forecast: Among emerging technologies, 47% of IT and security pros were most pressured to use or deploy the cloud in 2014, up from 25% in 2013.
Reaching out for help: 78% of respondents are likely or plan to partner with a Managed Security Services Provider (MSSP) in the future.
John Amaral, Senior VP of Product Management at Trustwave said: “Overall, pressures for IT and security professionals increased from 2013 to 2014 and even more distress is expected in 2015. The report also finds that the decisions security pros make are not necessarily the ones they want to make, and many report they do not have enough resources and in-house skills to deploy a defense-in-depth security program without confronting a mountain of pressure while doing it.”
“The pressures IT professionals face are growing: cybercriminals are increasingly crafty, new attack vectors are emerging, budgets are tight, skills are at a premium, security policies are either incomplete or disregarded, and many security solutions are proving too complex to manage or too basic to be useful against a professional adversary,” said Christina Richmond, Program Director, Security Services at IDC. “These pressures are driving businesses to increasingly look to partner with managed security services providers who can help control complexities related to security technologies as well as mitigate and respond to advanced security threats.”