
A study based on a survey of more than 10,000 information security professionals worldwide finds that a growing number of technologies being widely adopted by businesses are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers worldwide over the next several years.
The study, conducted by market researcher Frost & Sullivan for the International Information Systems Security Certification Consortium, or (ISC)2, says new threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have led to “information security professionals being stretched thin.”
“In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around,” said Robert Ayoub, global program director of network security for Frost & Sullivan. “Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide.
“We can reduce the risks, however, if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are under way, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected.”
Information security professionals admitted they needed better training yet reported in significant numbers that many of these technologies are already being deployed without security in mind. For example, 70 percent of surveyed information security professionals said that they need better skills for securing clouds. At the same time, more than half of organizations already have private clouds in place, and more than 40 percent of security professionals themselves now use software-as-a-service applications.
Respondents said they aren’t ready for social media threats, either. They reported inconsistent policies and protection for end-users visiting social media sites, and nearly 30 percent reported having no social media security policies whatsoever.
Nearly 70 percent of respondents reported having policies and technology in place to meet the security challenges of mobile devices, yet mobile devices were still ranked second on the list of highest concerns by respondents. The study concludes that mobile security could be the single most dangerous threat to organizations for the foreseeable future.
“The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization,” added Ayoub. “The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands.”