New trends in network and data security are constantly added to IT’s list of possible sources of threats. But despite this, there is a serious lack of skilled IT security professionals.
Despite the information security profession’s stability and growing role in the protection of network operations and information assets, there is a workforce shortage. A 2013 study on the global information security workforce (GISW) from (ISC)² shows that growth within the career has reached double-digits, but over half of their respondents believe there are too few skilled security workers. This shortage impacts companies with security concerns, the highest priorities of which are application vulnerability, malware and mobile devices. Newer demands on security professionals are BYOD and cloud computing, with their different demands on sensitive information and needs to change existing security technologies and policies.
Top security threats are felt by over two-thirds of businesses
Threat and concerns are diverse within companies, and the most prevalent are felt by over two-thirds of respondents. Application vulnerabilities is most common at 69 percent, malware at 67 percent, and mobile devices at 66 percent. Other top concerns are with internal employees and hackers at 56 percent each, and cloud-based services at 49 percent. Organizations are also highly concerned with cyber terrorism at 44 percent, contractors and hacktivists at 43 percent each. Just under 40 percent are potential threats from trusted third parties, organized crime and state sponsored acts. These threats were rated higher by C-levels and officers than other job titles by 3 or 4 percentage points.
New sources of concern can be mitigated with staff security awareness, not just IT
Many of the top or high security threats are perceived differently from the last time the GISW study was conducted. Cloud computing as a security threat increased substantially from 43 percent in 2011 to 49 percent in 2013. This may have been caused by the rise in adoption during those two years, as well as the awareness of security concerns associated with cloud-based services. BYOD has the highest security risk assessments for current IT trends, with 78 percent of respondents considering “employee or partner owned devices” a significant risk. These concerns show that not only do security pros need to constantly educate themselves on new IT risks, but that all employees must have some perspective on security practices.