The Green Sheet

Thursday, April 13, 2017

Pressures mount for IT security pros

According to the Trustwave Holdings Inc. annual 2017 Security Pressures Report, the task of securing organizations has become even more complex as internal and external forces exert pressure to close cybersecurity vulnerability gaps. For the report, Trustwave surveyed 1,600 full-time IT professionals from organizations averaging 4,267 employees based in the United States, Canada, United Kingdom, Australia, Singapore and Japan.

As found in previous surveys, the pressure on IT pros remains significant. Fifty-three percent of respondents felt more pressure to secure their organizations against advanced security threats (29 percent), including data theft (30 percent), ransomware (18 percent) and other forms of external attack, as well as managing systems and devices internally.

"Attacks have become more targeted," said Chris Schueler, Senior Vice President of Managed Security Services at Trustwave. "We've seen in the past 12 months, with a lot of the cases we work and clients we secure that the attacks are very targeted to the corporation. They know the people that may be opening up email, not just broadcasting email, and they follow up with a phone call to that same individual to encourage them to open the email."

Accountability shift

Not only are businesses contending with more targeted attacks, but as the security industry matures, accountability for security initiatives has shifted from the boardroom to IT teams, while at the same time 15 percent cited a shortage of expertise as an ongoing issue. To offset the skill gap, 43 percent of organizations surveyed have partnered with managed security service providers (MSSPs) to install and maintain in-house systems.

"These are big companies," Schueler said. "I think the message to small companies is if you're not partnered with a MSSP, you had better do it, because a.) you're not going to be able to hire the best talent and b.) you can't hire enough people because you're on a fixed budget. If about half of the respondents are partnered with a MSSP, I think for a small company it should be 90 to 100 percent."

MarketsandMarkets estimates the MSSP market will reach $34 billion by 2021 as augmented security becomes more universal. "Over the years, it's proven that it's not just the financial services sector that's the most attacked," Schueler said. "They can make just as much money going after the franchises, and the small to medium businesses because they have connections to other sources of data…to attack where the payments are done."

Speed over security

Among other pressures cited by IT security professionals were deployment of cloud technology (49 percent), Internet of things technology (22 percent), social media (18 percent), mobile applications (7 percent) and bring your own device (5 percent) initiatives. Similarly skewed, IT professionals felt each of these technologies posed security risks.

Although down slightly from a year ago, 65 percent of respondents in the latest report felt pressured to roll out IT projects before security checks and repairs were properly addressed. As a result, 35 percent of respondents didn't think their organizations were safe from security threats, up 9 percent from the previous survey.

Commonsense approach

Borrowing from the U.S.-based National Institute of Standards and Technology, the Trustwave report reiterated the following five-point security framework: identify, protect, detect, respond and recover, all of which every modern business should have in place.

To address each of the five points, a comprehensive security program must include:

  • Risk assessment to understand business environment
  • Web application firewalls, email and web security gateways to protect against infiltration
  • Regular testing across databases, networks and applications to discover exposure points
  • Security monitoring and threat detection to uncover malicious activity
  • Incident readiness/response plans to mitigate damage caused by potential compromise

Trustwave's Schueler reminds organizations, large and small, that going it alone on security is not only unnecessary but dangerous. "If they're not outsourcing portions of their cybersecurity program, or at least augmenting in a hybrid fashion with a MSSP, they need to be thinking about it very hard," he said. "If you think about being in that role, to have all that pressure and not to have anyone to lean on, that wouldn't be a position I'd want to be in."


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
