IT security professionals faced increased pressure to secure their organisations in 2014 and expect that pressure to further increase this year.
A new report from managed security services company Trustwave (opens in new tab) reveals a number of issues including pressure to roll out IT projects such as cloud and mobile applications despite having unresolved security issues; the pressures of being understaffed while security threats mount; and increasing pressure from executives to protect information while being resource-constrained.
According to the survey of 1,016 IT security professionals, some of the pressure comes from above, 61 per cent of respondents said they felt the most pressure from owners, board and C-level executives -- up from 50 per cent last year.
The need to roll things out quickly is a problem too with 77 per cent of respondents saying they had been pressured to unveil IT projects that were not security ready.
Most feel that they're under-resourced too, 84 per cent want the size of their IT security team increased with 54 per cent wanting the size doubled and 30 per cent wanting it quadrupled or more.
Among emerging technologies, 47 per cent of IT and security pros were most pressured to use or deploy the cloud in 2014, up from 25 per cent in 2013. Oliver Pinson-Roxburgh EMEA Manager of Systems Engineers at Trustwave says, "When it comes to implementing cloud and big data solutions security is often an afterthought".
The report concludes with a number of recommendations including accepting that everyone is at risk (70 per cent of respondents to the survey believed they were safe from cyber attacks). It also recommends acknowledging that insider threats can be just as destructive as external ones.
In addition, it suggests that traditional, perimeter-focused security technologies simply are no longer good enough to handle today's zero-day exploits and advanced persistent and blended threats, as well as risks posed by insiders.
As a result, companies must turn to more advanced threat management solutions. Pinson-Roxburgh suggests that managing the human element has a part to play too, "Companies must make it difficult for people to make the wrong choices".
Another key recommendation is that a security first attitude is required to minimise the risk of vulnerabilities creeping in when solutions are rolled out too quickly.
Its final point is that security professionals shouldn't be afraid of looking outside their own organisations to outside partners like managed security providers for help.
The full report with more detailed findings is available to download from the Trustwave website (opens in new tab).