8 things keeping security professionals up at night

As the need for enterprise data and technology grows, it only widens the skills gap for security professionals. That means, security professionals are feeling the pressure to get more done with less.

it security professionals under pressure
Credit: Thinkstock
8 things keeping security professionals up at night

Whether it's due to a high-profile security breach, the tenuous nature of consumer data or just trying to get ahead of a data-disaster, security is on everyone's mind. Security professionals are tasked with securing data, preventing data breaches and dealing with security flaws in business systems. A recent study commissioned by Trustwave, an information security company that provides threat vulnerability and compliance management services, surveyed 1,414 full-time IT workers worldwide who identified themselves as "security decision makers or security influencers within their organizations" and found the pressure is on. The study's most surprising finding is that 63 percent of respondents felt more pressure around security in 2015 than they did in the previous year and 65 percent said they expected that pressure to increase in the coming year.

"Driving the increasingly gloomy outlook is the shortage of security skills, resource constraints, emerging technologies and C-suite management and boards who both expect top-level security but also pressure IT teams to roll out projects that aren't security ready," according to Cas Purdy, vice president of Corporate Marketing and Communications at Trustwave.

Here are the eight biggest reasons IT and security professionals report feeling pressure to meet unrealistic security expectations, according to the study from Trustware.

1 skills gap
Credit: Thinkstock
Skills Gap

The tech industry has grown faster than schools can pump out qualified candidates, leaving plenty of IT departments understaffed and lacking in necessary skills. The study found that the skills gap for security pros has grown from the eighth biggest problem for IT departments to the third biggest problem. Of those surveyed 76 percent answered "yes" when asked "do you feel more pressure to excel in your career given the security skills shortage."

As a result, says Purdy, IT departments are turning to outside resources to help address security pressures. "In-house security professionals and their leadership teams are seeing additional benefits from partnering with Managed Security Service Providers (MSSPs), such as the accelerated pace at which security can be deployed and maintained, which in turn helps expedite IT projects that affect the top line of the business."

Board of directors
Credit: Thinkstock
Board of directors

Another area where IT pros are feeling the pressure to meet and exceed security expectations comes from the board of directors. The survey found that 40 percent of respondents cited feeling the most pressure around security right before or after a board meeting. And that number is actually one percent higher than the pressure they reported feeling immediately after a major public data breach.

"This shows that security is becoming just as important in the boardroom as it is in the server room," says Purdy. "Today's security professionals are balancing the technical aspects of their roles with the demands of the business, which is causing many of them to look for outside assistance to manage their security programs."

Detection vs prevention
Credit: Thinkstock
Detection vs prevention

The survey found that 54 percent of security professionals report "detection of vulnerabilities, malware, malicious activity or compromises as their most pressure-inducing security responsibility." They're focused on discovering backdoors that could let hackers in and then left to figure out ways to shut it down before criminals can get their hands on sensitive data. Ultimately, this level of prevention saves more money than dealing with a security breach after the fact but, thanks to the skills gap, many of security pros say they lack the in-house resources and skills to handle this aspect of security. This lack of skills and resources has only served to further push security pros to outside resources, with 86 percent noting that they either planned to partner or already partnered with a MSSP.

Early release
Credit: Thinkstock
Early release

Of those surveyed, 77 percent said they felt pressured to release IT projects before they are ready. This only exacerbates the problem, since most of these projects aren't completely secure and have vulnerabilities that could prompt an attack. This pressure was most significant in the United States, where 83 percent of security pros said they released a new project early, before it was secure, while in the UK the number was 70 percent, which is a decrease from the 78 percent who said the same in last year's study.

"Seventy-four percent of security professionals are under pressure to purchase the latest 'shiny new security box' to solve their issues, but only 69 percent report having the proper resources to actually implement and manage those new technologies," says Purdy. And he says, as a result, it means companies aren't getting the full value out of the latest technology if security pros can't fully secure new software or hardware before it's released.

Internet of Things
Credit: Thinkstock
Internet of Things

While 44 percent cite cloud technology as the "emerging technology security professionals are under the most pressure to adopt and deploy," the Internet of Things is not far behind. In last year's survey, IoT wasn't even an option to choose, but this year, 17 percent responded they were under pressure to adopt and integrate this emerging technology.

But the study also found that security IT workers view IoT as one of the riskier technologies, and Purdy agrees. "Most interestingly, Internet of Things (IoT) is now in second place at 17 percent, just above BYOD at 16 percent. But the emerging technologies security pros are pressured to deploy are also the ones they feel put business at most risk. When asked which emerging technologies pose the most risk, 32 percent of respondents cited cloud technology as the most concerning, and IoT tied with BYOD at 19 percent."

Big Data
Credit: Thinkstock
Big Data

It's nearly impossible to escape big data as it has become one of the most valuable resources for companies. And IT is feeling the pressure, with "customer data theft and intellectual property theft" coming in as two of the top worries for security professionals after a data breach or an attack. The top concern for 42 percent of security professionals once an attack has already happened is data theft, followed by intellectual property theft. Beyond that, reported concerns include reputation damage and fines or legal action.

And for many businesses, they've established these concerns the hard way, with 53 percent of IT pros in the US stating that their organization has experienced a data breach. That number was 46 percent across every country, with 48 percent stating they hadn't experienced a data breach at all and another 6 percent saying they were "not sure."

Supply and Demand
Credit: Thinkstock
Supply and Demand

Much of the study uncovered a need for more resources and staff for IT professionals, as well as the desire to have more skilled security pros on the team. According to the study, overall, 87 percent of respondents want to add to their current staff; 52 percent of those said they want to at least double their staff while 29 percent said they want to quadruple their IT and security staff. Besides a lack of staff, when asked if they had a "genie in a bottle" and could request anything, 33 percent cited a bigger budget, 20 percent indicated a desire for more security expertise, while 15 percent expressed a desire to have fewer complex technologies and products.

"There's definitely a desire to spend additional money on security programs, but there is also a 'quality over quantity' element emerging as security professionals face increasing business pressures with limited resources," says Purdy.

8 job security
Credit: Thinkstock
Job security

After a breach, the third biggest concern or fear for security professionals is getting fired. The number of respondents who expressed fears over job security after an attack rose from 8 percent last year to 11 percent this year. It comes in third right behind reputation damage and financial damage to the company. The study suggests that the use of MSSPs can help in-house IT staffs feel more secure in their jobs because, while it seems like the company is outsourcing work, it actually alleviates some of the pressure on IT pros since it helps reduce the potential for a security breach.

Although there is a sense of job insecurity among security professionals, interestingly enough, 24 percent of respondents cited an overall sense of job security thanks to the lack of security professionals in the job industry. The other 76 percent, however, simply saw the skills and staff shortage as more added work for them to accomplish.