If you are the IT person who handles security for your company, where do you feel the most pressure when it comes to protecting business interests and consumer privacy? The folks at Trustwave sought to discover what was causing the most stress and concerns for IT and security professionals, and they just released their findings in the 2015 Security Pressures Report.
It’s an interesting perspective to study. All professionals are under pressure to perform well in their job duties, but as more companies reveal disastrous breaches and security breakdowns, IT security pros are really in the spotlight right now, with minimal room for failure. In fact, as the study stated in the introduction:
Few white-collar professions face as much mounting pressure as the information security trade. It is a discipline that, due to the widely publicized data breach epidemic, has suddenly crept out from behind the shadows of the mysterious, isolated and technical — and into the public and business mainstream.
High-profile breaches are causing a lot of headaches for those who handle security—especially since these breaches were covered extensively within the mainstream media in the past year. You really had to be unconnected to not know what happened at Target, Home Depot, Sony and Anthem. This means, perhaps for the first time in some companies, upper management is paying closer attention to security woes at other organizations and wants to make sure similar events do not happen in-house. So it is not surprising that in this report, 61 percent of security professionals claim they are getting more pressure than ever from C-level executives, board members and business owners. (According to the report, last year, which was the first year this study was conducted, only half of security professionals said they felt pressure from executives.)
While company decision makers want better security, they don’t quite understand how much goes into creating a safe network. As Corporate Counsel explained so well, there is a lot of pushing going on to adopt new security technologies, even if the security controls aren’t really in place:
Some 77 percent of respondents reported that they had felt pressure to roll out new products despite the fact that security concerns still remained. The report notes that software and applications that are released without resolving these issues are prime targets for hackers.
The report also found that there isn’t enough security staff in place at most companies to do the heavy lifting that upper management now wants. In fact, most IT security pros would like to see more hiring and budget focused on increasing security.
At the same time, the survey found that IT security staff might be a little cocky about their own skills and efforts. Seventy percent said they believed their systems were safe from potential threats and breaches. While you want to have faith in your system, you should always also believe there is some area in which you can do a better job. Ask those companies that have suffered a breach if they thought their networks were safe. One thing I’ve noticed about security breach announcements is there is always an element of surprise in how it could have happened to them.
This study gives us a clearer picture of the expectations being put on security professionals today. But it also shows that too many decision makers are still focusing on appearances rather than taking real action.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.