IT security pros compromise ethics and mostly 'fire-fight', not do security work

Over a quarter (28 percent) of cyber-security professionals compromise their ethics to pass audits, likely due to growing network complexity and disparate technology, security and more to keep cyber-criminals at bay.

Research carried out by FireMon at InfoSec Europe discovered that 51 percent of IT security pros spend most of their day fire-fighting rather than doing important security work and 56 percent admitted that they added a product purely to meet compliance regulations even though they were aware it offered no other business benefit.

Furthermore, 52 percent admitted to adding access that they know had decreased their organisation's security posture because of demands from the business side.

Top tips recommended for becoming a more efficient IT security manager are:

  • Get Visibility: Having detailed visibility into firewall rules and policy effectiveness allows organisations to clean up outdated or redundant rules and close security gaps.
  • Get Intelligence: Combining knowledge of vulnerabilities in the networked environment on well-known threat entry points with real-time monitoring and vulnerability mapping will give the security team situational awareness needed to identify and remediate issue before they arise.
  • Integrate: The ability to share security information in real time without restricting it to a single application, system or device can empower managers to make decisions.
  • Automate: Changing workflow automation can help security teams to assess the impact of any new access being provided and restrict or vet it against the corporate security policy.

“We hear from potential customers all the time that network complexity is growing and that is to do with the number of ‘solutions' organisations are putting into place to try and solve the cyber-security puzzle and meet business demands. In reality, more technology is rarely the answer – instead, good management is they key,” said Michael Callahan, CMO, FireMon.