There are plenty of talented security professionals out there working to ward off attacks, assaults and incidents on a daily basis.
The problem is, there are not enough of them to go around.
That was the main fear CISOs are having to deal with for the new year, according to a report by the Ponemon Institute.
“I am not surprised that this was a leading concern – it is consistent with what we have been hearing as a critical need and gap in the market. However, being the leading concern was somewhat surprising if you follow what’s typically the most reported consequences of the staffing situation: Breaches and cyberattacks,” said Lee Kirschbaum, senior vice president and head of product, marketing, and alliances at Opus, which commissioned the report.
Typically data breaches, ineffective security tools, or some other technical aspect of guarding security tops the concerns list, so that is why Larry Ponemon, author of the report, was also surprised.
Workforce issues are usually somewhere in the middle, he says.
According to the survey of 612 chief information officers and IT security pros, the top five threats that worry them the most in 2018:
• 70 percent: Lack of competent in-house staff
• 67 percent: Data breach
• 59 percent: Cyberattack
• 54 percent: Inability to reduce employee negligence
• 48 percent: Ransomware
In addition, 65 percent of respondents said attackers will be successful in duping employees to fall for a phishing scam that will result in the pilfering of credentials – even more so than the organization suffering from a data breach or cyberattack.
“It is one of the oldest forms of cyberattacks, dating back to the 1990s, and one of the most widespread and easier forms of attacks,” Kirschbaum said. “It targets one the weakest links – the human factor – and focuses on human behavior to encourage individuals to discuss sensitive information.”
Challenging technologies for IT security professionals in 2018 include IoT devices, 60 percent; mobile devices, 54 percent; and cloud technology, 50 percent, the report found.
“(Security people) don’t see 2018 as a year for improvement, and that security risks are becoming a greater problem,” Ponemon said.
The survey found 67 percent of respondents believe their organizations are more likely to fall victim to a data breach or cyberattack in the New Year.
The majority of respondents expect breaches and attacks to stem from inadequate in-house expertise (65 percent); inability to guard sensitive and confidential data from unauthorized access (59 percent); an inability to keep pace with sophisticated attackers (56 percent); and a failure to control third parties’ use of company’s sensitive data (51 percent), according to the survey.