A recent ISACA study found that 46 percent of organizations are confident in their security teams’ response to complex threats, while 41 percent say they are confident only in their ability to respond to a simple threat. At the same time, security risks and breaches are growing. So, why the disparity, and how can organizations change their risk management for the better?

 

  • One of the biggest reasons for the security challenges organizations are facing is finding qualified information security candidates.  A majority of businesses can take three to six months to find a qualified applicant.  Some enterprises can’t even fill the job opening.
  • Also, the number of IT pros who are dissatisfied with their jobs has increased since 2014. A GFI Software survey revealed that 82 percent of professionals are considering leaving their current IT job because of stress, unreasonable demands and lack of budget.
  • Furthermore, there’s an absence of security candidates who understand the business and who have the skills and training perspective required to keep up with threats.

 

These three points alone demonstrate where part of the problem lies for organizations and their risk management potential.  They are challenges that can’t be solved overnight, but there are alternative solutions for organizations to choose from.  One of these is outsourcing their data security needs.

 

An information security company has the qualified personnel that organizations are lacking.  They also keep up to date with training and qualifications.  Additionally, they know the information security business in and out.  Even if an organization doesn’t want to outsource, they can still consult and add to their security team.

 

Another aspect that presents challenges for organizations and their security risks is the fact that cyber-attacks increased in 2014 and are expected to grow in 2015. This means it’s only a matter of time before an incident occurs, not to mention the challenges with insider threats.

 

Companies are taking measures to increase their budgets and spending on security controls, as well as to meet compliance, but the move towards a holistic security posture still seems to lag behind. The board of directors has started to take cyber security seriously, but the communication gap and lack of trust between CIOs and the C-Suite continue to be a challenge.

 

The above points might seem common knowledge; yet as ISACA’s study points out, organizations aren’t in a good place with the challenge of filling the security personnel gap.  It is possible that CEOs haven’t thought of these options or are resistant to outsourcing (or collaborating with a risk management company).

 

With 2014 being one of the biggest data breach years, and forecasts of more breaches to come, enterprises should get their security process up to date and ready so that they may speedily respond to incoming threats.
How do you plan on filling the security gap within your company?

 
