Thursday, April 13, 2017
As found in previous surveys, the pressure on IT pros remains significant. Fifty-three percent of respondents felt more pressure to secure their organizations against advanced security threats (29 percent), including data theft (30 percent), ransomware (18 percent) and other forms of external attack, as well as managing systems and devices internally.
"Attacks have become more targeted," said Chris Schueler, Senior Vice President of Managed Security Services at Trustwave. "We've seen in the past 12 months, with a lot of the cases we work and clients we secure that the attacks are very targeted to the corporation. They know the people that may be opening up email, not just broadcasting email, and they follow up with a phone call to that same individual to encourage them to open the email."
Not only are businesses contending with more targeted attacks, but as the security industry matures, accountability for security initiatives has shifted from the boardroom to IT teams, while at the same time 15 percent cited a shortage of expertise as an ongoing issue. To offset the skill gap, 43 percent of organizations surveyed have partnered with managed security service providers (MSSPs) to install and maintain in-house systems.
"These are big companies," Schueler said. "I think the message to small companies is if you're not partnered with a MSSP, you had better do it, because a.) you're not going to be able to hire the best talent and b.) you can't hire enough people because you're on a fixed budget. If about half of the respondents are partnered with a MSSP, I think for a small company it should be 90 to 100 percent."
MarketsandMarkets estimates the MSSP market will reach $34 billion by 2021 as augmented security becomes more universal. "Over the years, it's proven that it's not just the financial services sector that's the most attacked," Schueler said. "They can make just as much money going after the franchises, and the small to medium businesses because they have connections to other sources of data…to attack where the payments are done."
Among other pressures cited by IT security professionals were deployment of cloud technology (49 percent), Internet of things technology (22 percent), social media (18 percent), mobile applications (7 percent) and bring your own device (5 percent) initiatives. Similarly skewed, IT professionals felt each of these technologies posed security risks.
Although down slightly from a year ago, 65 percent of respondents in the latest report felt pressured to rollout IT projects before security checks and repairs were properly addressed. As a result, 35 percent of respondents didn't think their organizations were safe from security threats, up 9 percent from the previous survey.
Borrowing from the U.S.-based National Institute of Standards and Technology, the Trustwave report reiterated the following five-point security framework: identify, protect, detect, respond and recover, all of which every modern business should have in place.
To address each of the five points, a comprehensive security program must include:
Trustwave's Schueler reminds organization, large and small, that going it alone on security is not only unnecessary but dangerous. "If they're not outsourcing portions of their cybersecurity program, or at least augmenting in a hybrid fashion with a MSSP, they need to be thinking about it very hard," he said. "If you think about being in that role, to have all that pressure and not to have anyone to lean on, that wouldn't be a position I'd want to be in."
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
