Industry still struggling to defend against breaches

Skills shortages still pose major risk to long term information security capability.

  • 6 years ago Posted in
The latest survey from the not-for-profit industry body, the Institute of Information Security Professionals (IISP), shows that over the last three years, those feeling that organisations are getting worse at defending against major cyber security breaches has leapt from 9% to 18%.  In contrast, the number of businesses that feel better prepared to respond to and deal with incidents rose from 47% to 66% over the same period.

 

These results reflect the difficulty in defending against increasingly sophisticated attacks and the realisation that breaches are inevitable – it’s just a case of when and not if,” says Piers Wilson, Director at the IISP. “Security teams are now putting increasing focus on systems and processes to respond to problems when they arise as well as learning from the experiences of others.”

 

When it comes to investment, the survey suggests that for many organisations, the threats are outstripping budgets in terms of growth. The number of businesses reporting increased budgets dropped from 70% to 64% and businesses with falling budgets increased from 7% up to 12%. Economic pressures and uncertainty in the UK market are likely to be restraining factors, while the demands of the GDPR (General Data Protection Regulation) and other regulations such as PSD2 (Payment Services Directive) and NISD (Networks and Information Systems Directive) are undoubtedly putting more pressure on limited resources.

 

The IISP Survey report also once again reinforces the problems of skills shortages with the number of respondents reporting a dearth of skills growing to 18% of respondents citing it as a challenge in this year’s results. While acting as a potential brake on capability, the skills shortage is also driving job prospects year-on-year, reflected in a growth of respondents in all the higher salary bands and in those reporting good job and career prospects.

  

This year’s survey further highlights the continued need for industry, government, academia and professional bodies like the IISP to continue to work to resolve these shortages in skills across all levels and disciplines,” says Amanda Finch, General Manger at the IISP.

 

The rate of advancement in technology in the wider IT, systems and threat environment will also put more pressure on skills and resources. When asked about the impact and disruption caused by emerging technologies, respondents put the Internet of Things (IoT) and the rise of Artificial Intelligence (AI) at the top of the list.

 

We have seen AI and machine learning used in defensive security systems for some time and this is now starting to become part of a wider automation approach,” says Wilson. “But like the IoT, AI can also be exploited by cyber criminals, so we need to have the people and technologies to respond and mitigate these emerging risks.” 

 

The IISP has a growing and diverse membership representing over 8,000 individuals across private and government sectors, 41 Corporate Member organisations and 22 Academic Partners. As well as surveying its members, the IISP opened the survey up to non-member security professionals, representing a wide range of ages, experience and industry sectors. The survey was conducted in the second half of 2017/early 2018

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...