Technology developments such as mobile devices, the cloud, social networking and insecure applications are challenging information security executives and their staff.
According to a study by (ISC)2 and Frost and Sullivan, security concerns have led to 'information security professionals being stretched thin' and the current overworked workforce 'may be showing signs of strain'.
The 2011 (ISC)2 Global Information Security Workforce Study (GISWS) also showed a severe gap in the skills that are needed industry-wide. Information security professionals admitted they needed better training in a variety of technology areas, yet reported that many of these technologies are already being deployed.
Secure software development is a significant new area of focus for information security professionals worldwide with application vulnerabilities ranking as the number one threat to organisations by 72 per cent of respondents, Nearly 70 per cent of respondents reported that they had policies and technology in place to meet the security challenges of mobile devices, yet mobile devices were still ranked second on the list of highest concerns by respondents.
More than 50 per cent (55 per cent in EMEA) of respondents reported having private clouds in place, while more than 70 per cent (75 per cent EMEA) reported the need for new skills to properly secure cloud-based technologies.
John Colley, managing director for EMEA of (ISC)2, said: “We are seeing a paradigm shift in how organisations are operating, brought on by the triple impact of cloud computing, the pervasive use of mobile devices and social media via the corporate network, along with the wave of new applications being developed to support it all.
“Security professionals are going to have to re-skill for these new developments, but they are not alone. Security accountability has become an organisation-wide concern, with implications for HR, legal, marketing, sales and even customers in the global cyber security strategy. I have every confidence that we will develop the right instincts to meet the challenge, but I anticipate it will demand a combined effort of industry, government, academia and the information security profession.”
Robert Ayoub, global program director of network security for Frost & Sullivan, said: “The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organisation. The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands.”