InfoSec pros feel less external pressure, take security more personally
Security professionals are feeling less pressure from management, less pressure to approve IT projects early, and are less worried about emerging technologies, according to a new report. But they are also putting more pressures on themselves.
“The pressure is still high,” said Chris Schueler, senior vice president of managed security services at Trustwave Holdings, which sponsored the survey of 1,600 InfoSec professionals from around the world. “But it’s shifted from it’s someone else’s problem—the board’s problem, the CEO’s problem. Now it’s my problem.”
This year, 65% of respondents said most of the pressure they were feeling came from the board of directors, company owners, senior executives or their direct manager. This was down from 80% last year.
That’s a good thing, said Schueler.
He added that this doesn’t mean that cybersecurity is less of an issue, however. If anything, it’s now a top five concern, whereas before it was a top 10 concern.
Instead, the number of people who say their biggest source of pressure is themselves has more than doubled, from 11% last year to 24% today.
“They feel the pressure to perform, the pressure to secure,” he said.
Part of that is due to potential damage to their professional reputations, he said.
“If your web site goes down, no one really remembers that in six months or a year,” he said. “But if you were hacked, and it was a big enough hack, people will remember that for years. If you were the CISO of CSO for a company that was hacked, it definitely limits your job opportunities in the future.”
On the operational side, there were several areas of progress. The number of respondents who said they felt pressure to roll out IT projects before the necessary security reviews were complete went down from 77% last year to 65%.
On another positive note, emerging technologies were also causing less stress.
Last year, 25% of respondents said that dealing with emerging technologies such as cloud, mobile and IOT was their biggest operational pressure, second only to advanced security threats at 29%.
This year, that number was down to 12%.
“They’re finally starting to get a handle on cloud, so we’re starting to see that plateauing,” he said.
The rate at which the overall pressure is increasing has also begun to level off somewhat.
Overall, 53% of respondents said they feel increasingly pressured this year. In 2017, 63% said it was increasing.
But there were areas in which the amount of pressure increased.
For example, the industry-wide labour shortage is having an impact.
Last year, only 5% of respondents said that the lack of security skills and expertise was their biggest operational pressure. That tripled to 15% this year.
“I can’t find and hire the people with appropriate skills,” he said.
“We don’t want the board to feel all the pressure,” he said. “They’re not where the rubber meets the road.”
IDG News Service