Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Staffing Challenges, Changing Threat Landscape Hinder IT Security Efforts

A recent study focused on the concerns and challenges within the IT industry revealed that enterprise-level participants lack confidence in their organization’s overall security posture, citing staffing as one of the main reasons.

A recent study focused on the concerns and challenges within the IT industry revealed that enterprise-level participants lack confidence in their organization’s overall security posture, citing staffing as one of the main reasons.

The 2011 State of Security survey from Symantec found that attacks from the far reaching expanse of the Internet was the top concern for many of the respondents, several of which noted that concern over cyberattacks has only grown in recent months.

Yet, while there is serious concern, 57-percent of those surveyed said they lack confidence in their organization’s ability to deal with the threats they face now and emerging threats.

When asked why, 46-percent of those who expressed a distinct lack of confidence said that weak staffing numbers was the source of their worries, while 45-percent said that a lack of time to respond using existing staffing levels was to blame. Overall, 43 percent of organizations worldwide reported they are somewhat or extremely understaffed.

Those who lack confidence in their ability to respond to threats also reported issues with staffing. Some 66-percent rated their staff as less than effective and only 4-percent said their staff as completely effective.

The top three issues impacting staff effectiveness were recruiting (46-percent); retention (42-percent) and skill set gaps with existing staff (35-percent).

In addition to staffing issues, other top concerns included challenges keeping up with changes in the threat landscape, maintaining adequate visibility of their own infrastructure and managing security log and alert data in a timely and effective manner. Sixty-eight percent identified threat intelligence as one of their top two concerns.

“Although organizations are more concerned than ever about keeping up with the evolving threat environment, many still fall short of achieving high confidence in their security posture,” said David Dorosin, director of product marketing for the Threat and Risk Management group at Symantec.  “Effective threat management requires advanced technology for enterprise visibility and the correlation and analysis of security data, but our research shows that the human element is often the limiting factor for enterprise threat management teams.”

Short of a massive boost in hiring and training, situations like these will remain an issue for organizations for a long time. After all, you can’t hire people for security if the talent pool lacks the skill, and training takes time and money, leaving the existing gap around to fester,  and with no promise that those trained by a company will stick around.

The full report along with slides can be downloaded from Symantec.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.