The rise in the rate and sophistication of cyber attacks has predictably fuelled the pressure on security resources. However, the precise complexion and source of the pressure were largely unknown until the recent release of the Trustwave Security Pressures study. The study examines the threats most concerning to security professionals and the preferred responses.
The results of the study are based on survey responses from over 800 decision makers in the US, UK, Canada, and Germany, including CIOs, CISOs, and IT Directors/Managers. Almost 60 percent of respondents were IT/Security Directors or higher and 75 percent represented organisations in North America.
Over 50 percent of IT professionals experienced more security-related pressures in 2013 than the year before and almost 60 percent expect the pressure to grow in 2014. The source of the greatest pressure is the threat of external attack through targeted malware. The threat of data loss arising from a successful network and system breach also ranked highly as a stressor. Only 5 percent of respondents believe their organisations are not susceptible to attack.
The study revealed that owners, boards of directors and C-level executives exert the most pressure on IT professionals. This reflects the high visibility and growing board-level presence of security concerns. Cyber risk is a common and recurring subject on board agendas. According to Trustwave, executives and board members are increasingly demanding a deeper explanation from IT professionals on security postures and often display a lack of confidence in IT risk management strategies. This wariness stems partly from the seeming inability of conventional security products and solutions to stem the tide of cyber attack and data loss.
The study also revealed that respondents struggle with the complexity of security solutions, shortages in dedicated resources and controlling capital and operational budgets.
The study recommends a number of specific actions to relieve the pressure. The first involves accepting the growing level of scrutiny from boards and other sources over security practices and managing security programs as strategic business initiatives with regular reporting to executive management. Other recommendations include augmenting in-house security expertise by partnering with outside security consultants, performing periodic risk assessments and penetration tests, focusing upon securing external-facing systems, controlling third party access and avoiding over-reliance upon security tools that provide a false sense of security.
Layer Seven’s Cybersecurity Framework delivers a comprehensive strategy to protect SAP systems from cyber attack and data breach. The framework provides a series of actionable recommendations to alleviate the growing pressure on IT professionals while avoiding the need for capital expenditure in security software. The framework equips security professionals with the insight and expertise required to safeguard mission-critical SAP resources from cyber risks.