Feeling pressured to keep your organization secure? You are not alone.
According to a survey conducted as part of Trustwave’s ‘2015 Security Pressures Report‘, 54 percent of the more than 1,000 IT professionals surveyed said they experienced more pressure to secure their network in 2014 than they did in 2013. Fifty-seven percent said they expect this year to be even worse. Just 11 percent expect the amount of pressure they face to decline.
“A string of high profile data breaches nabbed headlines in 2014,” said Josh Shaul, vice president of product management at Trustwave. “Many called it the ‘year of the breach’. Due to the string of breaches, more CEOs, C-level executives, board members and others who had not thought about security before, are now paying attention, wanting the IT team to do more to make sure their organization isn’t the next victim.”
Related: Know What Hackers Know – HP Cyber Risk Report 2015
“They have seen the repercussions of a major breach – financial, reputation, even job loss in some cases,” he continued. “Based on what we have seen when working with businesses, the conversation in the boardroom has changed. It’s no longer the board asking the IT team ‘Are we secure?’ They are now asking, ‘How are we secure? Show me’. The IT team has to create detailed presentations showing what exactly they are doing to secure the organization.”
More than 60 percent of respondents felt the most “people pressure” was exerted by their owners, board and C-level executives — up from 50 percent the previous year. The amount of pressure they expect to experience in 2015 varied depending on the size of the organization, with 64 percent of enterprises foreseeing increased pressure compared to 48 percent of small to midsized businesses (SMBs).
That pressure can have a real world impact on product development, as 77 percent said they felt pressured to release a product before it was security-ready.
“Attackers love to take advantage of software and applications that contain coding deficiencies through which they can launch exploits — and many companies are lending them a helping hand,” according ot the Trustwave report. “For another year, nearly four out of five security pros were pressured to prematurely roll out IT projects, including applications, despite security concerns.”
The top operational pressures IT pros faced related to their information security programs had to do with emerging technologies (25 percent), advanced security threats (24 percent) and budgetary constraints (12 percent). Security product complexity was cited by 11 percent.
Adding fuel to the fire is that many people feel as though their teams are understaffed. Eighty-four percent reported the need for additional help, with 54 percent of security professionals wanting the size of their security team doubled. Thirty percent said they wanted it quadrupled or more. Only 16 percent said the size of their team was ideal.
Despite all this, there is a strain of optimism running through those surveyed. Some 70 percent overall said they are safe from cyber-attacks and data compromises.
“It’s definitely a false sense of security,” Shaul said. “Too many organizations still have that ‘it won’t happen to me’ mentality. Enterprises may think criminals will target SMBs first because they don’t have as many security resources – an assumption that’s false. Any organization that has lucrative data is susceptible to becoming a data breach victim. It’s a matter of how difficult the organization makes it for the criminal to break in. If organizations have multiple layers of security in place and the resources to continuously identify and remediate security weaknesses across their infrastructure, criminals will move on to an easier target.”
