This site is part of the Global Exhibitions Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

Informa
Businesses Overconfident About IT Security
By Craig Galbraith
November 21, 2013 - News
Comments

Businesses in a new survey feel pretty good about their readiness to combat threats despite not having made significant changes to how they approach IT security in recent years.

That's according to CompTIA, which found in a new survey that 82 percent of businesses consider their current level of security to be either "completely" or "mostly" satisfactory. Yet only 13 percent of firms say they’ve made drastic changes to their security approach over the past two years – surprising when you consider how organizations are embracing cloud computing, enabling employee BYOD practices and expanding their use of social tools.

“The use of new technologies necessitates a change in security approach," said Seth Robinson, director, technology analysis, CompTIA. “It’s clear why companies view security as a top priority; but what’s less clear is whether they are fully aware of which actions to take to build an appropriate security posture for a new era of IT."

Robinson says that levels of concern for a wide range of threats remain virtually unchanged from past years as well. Most companies still view hacking and malware as most significant. But many new dangers are quickly becoming more prevalent, including Advanced Persistent Threats, Denial of Service attacks, IPv6 attacks and mobile malware.

“Many organizations may be assuming a satisfactory level of security without truly performing the due diligence to understand their exposure and build an appropriate security posture for a new era of IT," Robinson added. “To truly ‘move the needle’ on security readiness, the overall approach must be re-evaluated from the top level of the business down through all departments."

CompTIA says human error continues to account for the majority of security breaches. More than half (51 percent) of companies say human error has become even more of a factor over the past two years. This may be due in part to the introduction of cloud computing, mobility and social media into the enterprise. But it's striking, the nonprofit noted, how few companies (21 percent) view human error as a serious concern.

Another consistent theme in this study is the difficulty companies have in finding security professionals with the right skill mix. Cloud security, mobile security, data-loss prevention and risk analysis are the four areas where skills are seen as most lacking in 2013.

One solution might be more security certifications for IT professionals. Two-thirds of companies say IT workers with security certifications are more valuable to the organization, while 86 percent say certified security workers deliver a moderate to high return on investment.

Follow senior online managing editor @Craig_Galbraith on Twitter.

Comments
comments powered by Disqus
Related News
News
The mobility security company aims to help VARs, ISVs and other channel players boost profitability
Kelly Teal
News
Edward Gately
News
New research shows that 87 percent of businesses plan to increase or maintain their IT budgets in
Craig Galbraith
News
News of Good’s IPO filing comes after the announcement that it lost $118 million
Craig Galbraith
News
Comview provides telecom-expense management, wireless mobility management and call-accounting
Craig Galbraith