Businesses Overconfident About IT Security

By Craig Galbraith
Businesses in a new survey feel pretty good about their readiness to combat threats despite not having made significant changes to how they approach IT security in recent years.

That's according to CompTIA, which found in a new survey that 82 percent of businesses consider their current level of security to be either "completely" or "mostly" satisfactory. Yet only 13 percent of firms say they’ve made drastic changes to their security approach over the past two years – surprising when you consider how organizations are embracing cloud computing, enabling employee BYOD practices and expanding their use of social tools.

“The use of new technologies necessitates a change in security approach,” said Seth Robinson, director, technology analysis, CompTIA. “It’s clear why companies view security as a top priority; but what’s less clear is whether they are fully aware of which actions to take to build an appropriate security posture for a new era of IT.”

Robinson says that levels of concern for a wide range of threats remain virtually unchanged from past years as well. Most companies still view hacking and malware as most significant. But many new dangers are quickly becoming more prevalent, including Advanced Persistent Threats, Denial of Service attacks, IPv6 attacks and mobile malware.

“Many organizations may be assuming a satisfactory level of security without truly performing the due diligence to understand their exposure and build an appropriate security posture for a new era of IT,” Robinson added. “To truly ‘move the needle’ on security readiness, the overall approach must be re-evaluated from the top level of the business down through all departments.”

CompTIA says human error continues to account for the majority of security breaches. More than half (51 percent) of companies say human error has become even more of a factor over the past two years. This may be due in part to the introduction of cloud computing, mobility and social media into the enterprise. But it's striking, the nonprofit noted, how few companies (21 percent) view human error as a serious concern.

Another consistent theme in this study is the difficulty companies have in finding security professionals with the right skill mix. Cloud security, mobile security, data-loss prevention and risk analysis are the four areas where skills are seen as most lacking in 2013.

One solution might be more security certifications for IT professionals. Two-thirds of companies say IT workers with security certifications are more valuable to the organization, while 86 percent say certified security workers deliver a moderate to high return on investment.

Follow senior online managing editor @Craig_Galbraith on Twitter.