The rate and sophistication of malware and data breaches continue to accelerate, a trend that is proving seemingly impossible for businesses to counter. The men and women in the trenches charged with countering such attacks feel pressure coming at them from all sides, forcing them sometimes to make decisions they don’t necessarily want to make, according to a new study by Trustwave.
The survey polled 833 chief information officers, chief information security officers, and IT security directors worldwide, 526 of whom were in the United States. It found that overall security-related pressures increased from 2012 to 2013, with more pressure expected this year. Targeted malware topped the list of security threats exerting the most pressure, followed by data breaches and phishing/social engineering.
Internally, however, the survey found that four out of five IT pros were pressured in 2013 to roll out projects despite security issues. The IT pros were most pressured to use cloud and mobile applications, even though they felt they posed the greatest security risk. Other emerging technologies they felt posed risks included big data applications, BYOD programs, and social media.
When asked who specifically in their organizations exerted pressures to roll out programs with security measures, half said it came from the board of directors, owner, or C-level executive. However, budgets for new capital outlays associated with security were cited as being most under pressure, followed closely by monthly operational expenses and staff.
“IT pros are pressured to use security technology containing all of the latest features, despite one out of three not having the resources to do so effectively,” the study notes. Meanwhile, when asked for a wish list of what they’d like to have to do their job more effectively, these IT pros said more budget, more IT security skills, and more time to incorporate it all effectively.
The Trustwave report concludes with these recommendations:
- Accept that mounting pressures, including attention from the board and other forms of internal scrutiny, are increasing.
- Malware is everywhere. Make anti-malware protection a top priority.
- Augment in-house security expertise.
- Perform business-wide security risk assessments and ongoing penetration testing.
- Prioritize security awareness education.
- Automate protection for web applications.
- Stop buying security technologies for their flashy features, especially if IT doesn’t have the resources to use them.
(ABA’s affiliate Corporation for American Banking endorses Trustwave's Network Security and Data Protection Resources.)