More than half of IT security professionals believe their organizations are short-staffed in trying to deal with the growing number of network threats, according to an international survey.
The International Information Systems Security Certification Consortium –known as ISC2—said Monday its survey of 12,000 IT security personnel blame an inability to hire enough qualified information security professionals and executives who don’t fully understand the need for security for not being able to handle the workload.
Hactivism (43 percent), cyber-terrorism (44 percent), and hacking (56 percent) are among the top concerns identified by respondents in the ISC2’s sixth workforce study.
Many organizations (15 percent) are not able to put a timeframe on their ability to recover from an attack, the report says, even though service downtime is one of the highest priorities for nearly three-quarters of respondents. The data concludes that the major shortage of skilled cyber security professionals is negatively impacting organizations and their customers, leading to more frequent and costly data breaches.
Report author Michael Suby, vice-president of research at Frost & Sullivan who focuses on security issues, noted in an interview that the report also brought out a possible difference between how C-level executives see security problems and those who work in network operations centres.
For example, he said, chief information officers were “a little bit more optimistic than those working in the field (on security). That’s a sign there’s a bit of a gap between what the executive suite knows of the problem, or perceives of the challenges, and what their rank and file does.”
The results somewhat correlate with a report done last year by IT staffing firm Robert Half Technology Canada, which found 15 per cent of CIOs that responded to a survey said it was very challenging to find skilled IT security personnel. (Thirteen per cent said it was hard to find qualified help/technical desk support and 7 per cent said it was hard to find skilled applications development personnel.)
The ISC2 educates and certifies IT professionals. The survey, conducted by analyst firm Frost & Sullivan, was also sponsored by the Booz Allen Hamilton management consulting firm.
More than 12,000 information security professionals around with world were surveyed on trends and job opportunities in the information security profession.
Among other findings:
-- A multi-disciplinary approach is required to address the risks in BYOD and cloud computing. 78 per cent of respondents said BYOD technology is a significant security risk, and 74 percent reported that new security skills are required to meet the BYOD challenge. 68 percent reported social media is a security concern, with content filtering being the chief security measure used.
– Almost half of security organizations are not involved in software development, and security is not among the most important factors when considering an outsourcing provider for software development, yet 69 percent reported application vulnerabilities as their top concern.
--63 per cent of banking, insurance, and finance respondents selected damage to the organizations’ reputation as a top priority. In healthcare, 59 per cent chose customer privacy violations as top priority. 57 per cent of construction respondents chose health and safety as a top priority, and 50 per cent of telecom and media respondents chose service downtime as their top priority.
--28 per cent of respondents believe their organizations can remediate from a targeted attack within a day, and 41 per cent said that they could remediate the damage within one week or less. A good portion of the respondents said they don’t know how long damage remediation may take. With regard to being prepared for a security incident, twice the percentage of respondents in the 2013 survey believe their readiness has worsened in the past year, as did respondents in the 2011 survey.
-– Nearly 70 per cent view certification as a reliable indicator of competency when hiring. Almost half of hiring companies – 46 per cent – require certification. 60 percent of those surveyed plan to acquire certifications in the next 12 months, and the ICS2’s CISSP is still the top certification in demand.
-- Information security professionals are enjoying stable employment. Over 80 per cent of respondents reported no change in employer or employment in the last year, and 58 percent reported receiving a raise in the last year. The number of professionals is projected to grow steady globally by more than 11 per cent annually over the next five years. The global average annual salary for ISC²-certified professionals is US$101,014, which is 33 percent higher than professionals not holding an ISC² certification earn.