Study: Latest Technologies Straining Cybersecurity Staffs

A study based on a survey of more than 10,000 information security professionals worldwide finds that a growing number of technologies that business are adopting widely are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers worldwide over the next several years.

Conducted by Frost & Sullivan, the 2011 (ISC)2 Global Information Security Workforce Study (GISWS) found new threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have led to “information security professionals being stretched thin. And like a series of small leaks in a dam, the current overworked workforce may be showing signs of strain.”

Conducted on behalf of (ISC)2, the not-for-profit organization for educating and certifying information security professionals throughout their careers, the study also shows a severe gap in skills needed industrywide. Information security professionals admitted they needed better training, yet reported in significant numbers that many of these technologies are already being deployed without security in mind.

“In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around,” said Robert Ayoub, global program director of network security for Frost & Sullivan. “Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide.

“We can reduce the risks, however, if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are underway, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected.”

“The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization,” added Ayoub. “The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands.”

Other key findings from the study include:
  • As of 2010, Frost & Sullivan estimates that there are 2.28 million information security professionals worldwide. Demand for professionals is expected to increase to nearly 4.2 million by 2015, with a compound annual growth rate of 13.2 percent, creating career opportunities for those with the right skills.
  • Secure software development is a significant new area of focus for information security professionals worldwide. Application vulnerabilities ranked as the number-one threat to organizations by 72 percent of respondents, while 20 percent said they are involved in secure software development.
  • Nearly 70 percent of respondents reported having policies and technology in place to meet the security challenges of mobile devices, yet mobile devices were still ranked second on the list of highest concerns by respondents. The study concludes that mobile security could be the single most dangerous threat to organizations for the foreseeable future.
  • Cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security. More than 50 percent of respondents reported having private clouds in place, while more than 70 percent reported the need for new skills to properly secure cloud-based technologies.
  • Professionals aren’t ready for social media threats. Respondents reported inconsistent policies and protection for end-users visiting social media sites, and just less than 30 percent had no social media security policies whatsoever.
  • Viruses and worms, hackers and internal employees all fell in significance as top threats from 2008, the most recent year of the study.
  • The main drivers for the continued growth of the profession are regulatory compliance demands, greater potential for data loss via mobile devices and mobile workforce, and the potential loss of control as organizations shift data to cloud-based services.
  • Nearly two-thirds of respondents don’t expect to see any increase in budget for information security personnel and training in 2011.
  • Salaries showed healthy growth despite a global recession, with three out of five respondents reported receiving a salary increase in 2010.

“We need a paradigm shift in our global cyber security strategy to address the skills gaps revealed by the study,” said W. Hord Tipton, executive director of (ISC)2. “(ISC)2 believes it will take a combined effort of industry, government, academia and the profession to attract and educate a new generation of high-quality information security personnel and equip current professionals to address the latest threats.”

Some 10,413 information security professionals from companies and public sector organizations from around the world were surveyed in the fall of 2010, including 61 percent in the Americas, 22.5 percent in Europe, the Middle East and Africa and 16.5 percent in Asia Pacific. Forty-five percent were from organizations with more than 10,000 employees.


The average experience of respondents worldwide was more than nine years, while 5 percent of respondents held executive titles such as chief information security officer. Additionally, Frost & Sullivan supplemented the analysis with its other primary data sources and methods.

The objective of the GISWS, the fifth study sponsored by (ISC)2 since 2004, is to provide meaningful research about the information security profession to industry stakeholders, including professionals, corporations, government agencies, academia and hiring managers.


Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.