Companies Have Tweaked Security, Big IT Challenges Remain
More and more companies have altered their security approaches based on changes in IT operations: Such as relying on more cloud-based solutions or making wider use of mobile devices and apps.
According to a survey from CompTIA, the nonprofit association for the technology industry, nine in 10 IT professionals say security is of greater importance today to their companies than it was two years ago.
“Far more than half of all companies have adopted cloud computing and mobile devices,” noted Seth Robinson, senior director, technology analysis, CompTIA. “This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities.”
While some improvements in security have been noted, there remains a wide swath of companies that could improve their standing, along with those that may be over-estimating their readiness.
“Simply placing a higher priority on security may not lead to improved measures,” Robinson said. “Companies may not fully understand the nature of modern threats. It’s incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken.”
IT professionals tasked with keeping digital assets safe face a multitude of challenges. Just under half (47%) say there’s a belief within their company that existing security is “good enough.” For 43%, other technology needs take a higher priority than security. Four in 10 cite a lack of security metrics, while a slightly smaller percentage (37%) point to a lack of budget dedicated to security.
Challenges extend to finding qualified security workers at a time when the demand for security skills is increasing. For example, job postings in the category “Information Security Analysts” rose 175% between Q1 2012 and Q1 2015, according to the Bureau of Labor Statistics.
Within the cybersecurity workforce there are skills gaps to close, too. Among companies with skills gaps, 53% want to be more informed about current threats. About 40% feel that they need to improve their awareness of the regulatory environment.
“The use of technology has outpaced cybersecurity literacy, so there’s also a growing need for the overall workforce to improve their knowledge and awareness of security issues,” Robinson added.
Two-thirds of companies are engaged in security training for employees, making it the most popular option for building the right security skills within an organization. The study also found that 56% of firms will seek out IT security certifications for their technology staff.
Photo © arka38
Source: Information Security Magazine