Slow start for cyber attack rescue service
Slow start for cyber attack rescue service

A survey of 800 IT professionals has revealed that both they - and the managers whose security needs they service - are under immense pressure to secure their IT resources against a rising wall of threats.

The report is based on a survey by security vendor Trustwave, to be published next week. It found that 54 percent of IT professionals felt more pressure to secure their organisations in 2013 compared to the previous year - and 58 percent expect even more pressure in 2014.

The key threat identified by the IT pros as worrying them the most was targeted malware - with 64 percent reporting an increase in this category of threats over the last year. Customer data theft was not far behind, and was cited by 58 percent of respondents.

But interestingly, IT professionals said that this issue worried them more than reputational damage, fines and legal action combined.

Commenting on these conclusions, Michael Aminzade, Trustwave's director of compliance, said that the key takeout from the report for him is the senior managers who felt under pressure to roll out IT services before they were ready.

"This raises the issue of security compliance, but it's clear from my observations that many IT professionals have had to undergo a steep learning curve over the last five years. Some 75 percent of respondents told us that they feel under pressure from above," he said.

Aminzade told SCMagazineUK.com that, if we go back 10 to 15 years, it is clear that IT systems - and the security used to defend them - were a lot simpler back then.

He went on to say that, whilst it is also clear that there are range of far more complex threats causing problems for IT professionals today - such as mobile malware up 400 percent in the last year - there are also a great many more pressures bearing down on those managers.

As a result, he says, IT pros have to deal with complex issues such as, stopping malware from breaking into your IT systems and phishing attacks from being effective against employees.

Against this backdrop, Aminzade sees security outsourcing as being critical to the success of security defences, both now and in the near future, with the biggest issue being IT pros failing to plan against a major security problem, rather than "planning to fail" as is often the case in such scenarios.

Trustwave's report finds that, with 85 percent of IT pros saying that a bigger IT security team would reduce their security pressures and bolster job effectiveness, it is clear that management must accept that mounting pressures, like attention from the board and other forms of internal scrutiny, are increasing.

The analysis continues that, with malware being everywhere, there is a need to make anti-malware protection a top priority, as well as a pressing requirement to augment in-house security expertise.

Companies should also perform business-wide security risk assessments and ongoing penetration testing, recommends the report, as well as prioritising security awareness education. Businesses, says Trustwave, should view Web apps as a top target, and stop buying security technologies for their flashy features, especially if IT doesn't have the resources to use them.

Trustwave says that the bottom line is that businesses should hope for the best, but prepare for the worst.