More than half of IT security professionals believe their organizations are short-staffed in trying to deal with the growing number of network threats, according to an international survey.
The International Information Systems Security Certification Consortium –known as ISC2—said Monday its survey of 12,000 IT security personnel blame an inability to hire enough qualified information security professionals and executives who don’t fully understand the need for security for not being able to handle the workload.
Hactivism (43 percent), cyber-terrorism (44 percent), and hacking (56 percent) are among the top concerns identified by respondents in the ISC2’s sixth workforce study.
Many organizations (15 percent) are not able to put a timeframe on their ability to recover from an attack, the report says, even though service downtime is one of the highest priorities for nearly three-quarters of respondents. The data concludes that the major shortage of skilled cyber security professionals is negatively impacting organizations and their customers, leading to more frequent and costly data breaches.
Report author Michael Suby, vice-president of research at Frost & Sullivan who focuses on security issues, noted in an interview that the report also brought out a possible difference between how C-level executives see security problems and those who work in network operations centres.
For example, he said, chief information officers were “a little bit more optimistic than those working in the field (on security). That’s a sign there’s a bit of a gap between what the executive suite knows of the problem, or perceives of the challenges, and what their rank and file does.”
The results somewhat correlate with a report done last year by IT staffing firm Robert Half Technology Canada, which found 15 per cent of CIOs that responded to a survey said it was very challenging to find skilled IT security personnel. (Thirteen per cent said it was hard to find qualified help/technical desk support and 7 per cent said it was hard to find skilled applications development personnel.)
The ISC2 educates and certifies IT professionals. The survey, conducted by analyst firm Frost & Sullivan, was also sponsored by the Booz Allen Hamilton management consulting firm.
More than 12,000 information security professionals around with world were surveyed on trends and job opportunities in the information security profession.
Among other findings:
-- A multi-disciplinary approach is required to address the risks in BYOD and cloud computing. 78 per cent of respondents said BYOD technology is a significant security risk, and 74 percent reported that new security skills are required to meet the BYOD challenge. 68 percent reported social media is a security concern, with content filtering being the chief security measure used.