A new report from CYREN describes the challenges to web security that IT professionals face. The study targeted computing publication Network World’s readers, and only includes responses from professionals at organizations with between 500 and 9,999 employees. To keep the focus on the implementers, the study excludes respondents with job titles including CIO and CTO.
Top challenges to web security
- Multiple devices creating numerous “entry points” (laptops, tablets, smartphones) – 48%
- Lack of the continuous visibility needed to detect advanced attacks – 45%
- Lack of resources to implement new security solutions – 43%
- Difficulty assessing your organization’s level of risk/threat profile – 33%
- No clear or uniform strategy for “incident response” (response is ad hoc/reactive) – 33%
- Existing blocking and prevention solutions are insufficient to protect against advanced attackers – 38%
- Lack of access to real-time intelligence on the latest web security threats – 36%
- Web security solutions are costly and difficult to integrate – 36%
- Conventional security solutions don’t work well in Cloud/hybrid environments – 32%
- Movement towards Cloud infrastructure and “anytime” data access from any location – 30%
- Lack of support for new security investments – 27%
- Data and applications are moving to the Cloud – 25%
- Lack of scalable security solutions (consistent through peak activity times versus slower periods) – 21%
- Other – 4%
The majority of these findings come as no surprise. IT professionals have been struggling to keep their organizations secure owing to the ever-changing threat landscape and the lack of support from the higher-ups.
Elsewhere in the report, it’s mentioned that IT professionals confess they’re arming themselves with 10- to 15-year-old technology to prevent and detect cyber attacks.
Simply put, this is not good enough. Customers rely on organizations to keep their data safe, but, if the IT team is being forced to use outdated technology against evolving cybersecurity threats, what chance do they have?
I sympathize with the IT professional community; it’s not an easy task for them to convince management to invest in security unless there’s been a previous breach – but by then it’s usually too late. And even in cases where these has been a previous breach, that doesn’t necessarily translate to a security revamp, *cough cough TalkTalk*.
IT professionals that want to see change in how their organization deters cybersecurity threats must learn how to sell information security to their board.
Persuading the board to invest in information security measures requires certain sales skills. Selling Information Security to the Board – A Primer will help you understand how to persuade company directors to commit money and resources to your information security initiatives.