It’s no secret that the threat of cyberattack is more potent than ever. Companies need to be on guard to maintain online security for their employees and customers — but are IT staffs prepared for the increased threat potential?
A new study says maybe not.
The study, from Frost & Sullivan, is based on a survey of more than 10,000 information security professionals. It found that new threats — created by the increased use of mobile devices, cloud computing, social networking and insecure applications, as well as by added responsibilities, such as addressing the security concerns of customers — have led to “information security professionals being stretched thin.”
The information security professionals surveyed said they need better training and that many technologies already are being deployed without security in mind. In addition, nearly two-thirds of the respondents did not expect to see any increase in their budget for information security personnel and cybersecurity training in 2011.
Other key findings from the study include:
- As of 2010, there are an estimated 2.28 million information security professionals worldwide. Demand for professionals is expected to increase to nearly 4.2 million by 2015.
- Application vulnerabilities are ranked by 72% of respondents as the No. 1 threat to organizations.
- Nearly 70% of respondents reported having policies and technology in place to meet the security challenges of mobile devices, yet respondents still ranked mobile devices second on the list of highest concerns.
- More than 50% of respondents reported having private clouds in place, while more than 70% reported a need for new skills to secure cloud-based technologies properly.
- Respondents reported inconsistent policies and protections for end users visiting social media sites, and slightly less than 30% have no social media security policies whatsoever.
Companies can reduce risk by investing in attracting entrants to the field and making investments in professional development, said Robert Ayoub, global program director for network security at Frost & Sullivan. Although information security professionals are being relied on for the security of organizations’ most mission-critical data and systems, they are being asked to do too much, he added.
A paradigm shift in global cybersecurity training and strategy is needed to address the skills gaps revealed by the study, experts said. They suggest a combined effort of industry, government, academia and the profession to attract and educate information security personnel and equip current professionals to address the latest threats.
Even if this combined effort results in an influx of cybersecurity professionals, will there be enough of them, and will they be in time to prevent the growing threat of cybercrime? There is no doubt that proper steps must be taken by individual organizations, as well as by the IT industry as a whole, to ensure proper cybersecurity training for cybercrime prevention.
So governance, risk and compliance managers take heed: Staff on the front line of cybersecurity need to be confident that they have adequate tools. The protection of your company’s sensitive information could depend on it.