A recent study focused on the concerns and challenges within the IT industry revealed that enterprise-level participants lack confidence in their organization’s overall security posture, citing staffing as one of the main reasons.
The 2011 State of Security survey from Symantec found that attacks from the far reaching expanse of the Internet was the top concern for many of the respondents, several of which noted that concern over cyberattacks has only grown in recent months.
Yet, while there is serious concern, 57-percent of those surveyed said they lack confidence in their organization’s ability to deal with the threats they face now and emerging threats.
When asked why, 46-percent of those who expressed a distinct lack of confidence said that weak staffing numbers was the source of their worries, while 45-percent said that a lack of time to respond using existing staffing levels was to blame. Overall, 43 percent of organizations worldwide reported they are somewhat or extremely understaffed.
Those who lack confidence in their ability to respond to threats also reported issues with staffing. Some 66-percent rated their staff as less than effective and only 4-percent said their staff as completely effective.
The top three issues impacting staff effectiveness were recruiting (46-percent); retention (42-percent) and skill set gaps with existing staff (35-percent).
In addition to staffing issues, other top concerns included challenges keeping up with changes in the threat landscape, maintaining adequate visibility of their own infrastructure and managing security log and alert data in a timely and effective manner. Sixty-eight percent identified threat intelligence as one of their top two concerns.
“Although organizations are more concerned than ever about keeping up with the evolving threat environment, many still fall short of achieving high confidence in their security posture,” said David Dorosin, director of product marketing for the Threat and Risk Management group at Symantec. “Effective threat management requires advanced technology for enterprise visibility and the correlation and analysis of security data, but our research shows that the human element is often the limiting factor for enterprise threat management teams.”
Short of a massive boost in hiring and training, situations like these will remain an issue for organizations for a long time. After all, you can’t hire people for security if the talent pool lacks the skill, and training takes time and money, leaving the existing gap around to fester, and with no promise that those trained by a company will stick around.
The full report along with slides can be downloaded from Symantec.