What keeps security pros up at night? Software development – or at least the lack of security involved, according to a new study.
Respondents to the sixth Global Information Security Workforce Study, conducted by (ISC)², the non-profit organization that administers the Certified Information Systems Security Professional (CISSP) certification, ranked secure software development as their greatest worry.
That squares with the prediction of Avivah Litan, an analyst at Gartner Research, who expects that one in four DDoS attacks will be application-based, as my colleague Sue Marquette Poremba has written.
In the (ISC)² survey of more than 12,000 security pros worldwide, only 12 percent said they were personally involved in software development, 20 percent in procurement, and just 10 percent in outsourcing.
Meanwhile, just 28 percent said their organizations can remediate from a targeted attack within one day.
"Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years," said W. Hord Tipton, executive director of (ISC)², in a statement.
In apparent reference to recent reports of cyber attacks against private U.S. corporations, Tipton added:
"More and more enterprises are being breached. We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats."