A growing number of technologies being widely adopted by businesses are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers worldwide over the next several years, according to a study.
New threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have led to "information security professionals being stretched thin, and like a series of small leaks in a dam, the current overworked workforce may be showing signs of strain."
The study also shows a severe gap in skills needed industry-wide. Information security professionals admitted they needed better training yet reported in significant numbers that many of these technologies are already being deployed without security in mind.
Other key findings:
-- As of 2010, Frost & Sullivan estimates that there are 2.28 million information security professionals worldwide. Demand for professionals is expected to increase to nearly 4.2 million by 2015, with a compound annual growth rate (CAGR) of 13.2 percent, creating career opportunities for those with the right skills.
-- Secure software development is a significant new area of focus for information security professionals worldwide.
-- Application vulnerabilities ranked as the No. 1 threat to organizations by 72 percent of respondents, while 20 percent said they are involved in secure software development.
-- Nearly 70 percent of respondents reported having policies and technology in place to meet the security challenges of mobile devices, yet mobile devices were still ranked second on the list of highest concerns by respondents.
-- Mobile security could be the single most dangerous threat to organizations for the foreseeable future.
-- Cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security. More than 50 percent of respondents reported having private clouds in place, while more than 70 percent reported the need for new skills to properly secure cloud-based technologies.
-- Professionals aren't ready for social media threats. Respondents reported inconsistent policies and protection for end-users visiting social media sites, and just less than 30 percent had no social media security policies whatsoever.
-- Viruses and worms, hackers and internal employees all fell in significance as top threats from 2008, the most recent year of the study.
-- The main drivers for the continued growth of the profession are regulatory compliance demands, greater potential for data loss via mobile devices and mobile workforce, and the potential loss of control as organizations shift data to cloud-based services.
-- Nearly two-thirds of respondents don't expect to see any increase in budget for information security personnel and training in 2011. Salaries showed healthy growth despite a global recession, with three out of five respondents reported receiving a salary increase in 2010.
Comment from Robert Ayoub, global program director - network security for Frost & Sullivan: In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide. We can reduce the risks, however, if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are underway, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected. The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization. The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands.
Comment from W. Hord Tipton, executive director of (ISC)(2): We need a paradigm shift in our global cyber security strategy to address the skills gaps revealed by the study. (ISC)(2) believes it will take a combined effort of industry, government, academia and the profession to attract and educate a new generation of high-quality information security personnel and equip current professionals to address the latest threats.
About the study: The (ISC)(2)-sponsored study was based on a survey of more than 10,000 information security professionals worldwide conducted by Frost & Sullivan. The objective of the 2011 Global Information Security Workforce Study (GISWS) was to provide meaningful research about the information security profession to industry stakeholders, including professionals, corporations, government agencies, academia, and hiring managers.
Contact: The full study can be found here.
No comments:
Post a Comment