Big Data // Big Data Analytics
News
5/12/2014
09:36 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Money, Skills, And Hired Guns: 2014 Strategic Security Survey

Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?

Download the new issue of InformationWeek Tech Digest, distributed in an all-digital format (registration required).

Enterprises outsource everything from server hosting to application development. Why not security? Look for this year to mark the start of a new era in information security, where organizations that can afford to build sophisticated analysis teams do so, and those that can't hire specialized providers.

It's not that information security pros feel their efforts are falling short. Just 16% of the 536 respondents to our 2014 Strategic Security Survey say their organizations are more vulnerable to attacks than they were a year ago. The problem is that the status quo isn't acceptable: 23% of respondents admit to a known security breach or espionage in the past year, ticking up two points from 2013.

Winston Churchill once said, "If you're going through hell, keep going." Good advice, but hard to follow when every piece of malware or end-user mouse click could launch the breach that ends your business, and your job. IT security is not a needle-in-a-haystack problem. It's a needle-in-a-needle-stack problem. Thousands of attacks come at you each day. How do you keep up, much less allot a few hours to think about defensive technologies or how to explain the latest zero-day advanced persistent threat to executives who, even after a breach brought down Target CEO Gregg Steinhafel, still spend on security only grudgingly?

Money, Skills, And Hired Guns
Among respondents who feel they're more vulnerable this year, 40% cite budget constraints as a contributing factor -- up a notable 10 points from 2013. But bigger problems for these shops are the increased sophistication of threats (77%) and that there are more ways than ever to attack a corporate network (66%). Among all survey respondents, only 5% are cutting IT security spending, compared with 37% increasing and 47% staying the same. Clearly, the issue isn't just, or even mostly, about cash to spend on technology. It's about finding the right people, advanced attackers, and a warped way of measuring success.

Our survey shows that even in 2014, with record breaches and threats, the top way organizations measure the value of their security investments is by whether they pass a third-party audit. So in other words, it's still only a need to check the boxes driving security investment.

But before we all bash executives, let's look at it from their point of view because frankly, investing significant money in security is no guarantee of good results.

First off, your typical enterprise security team is its own worst enemy. "The biggest area of concern isn't security itself, it is the balance between security and the ability to allow for business to continue," says one respondent. "We sometimes add in too much security, which hinders the business from operating, and vice versa, which creates major security risks."

If you cause a business slowdown when implementing a security control, you take one step forward and three back in executives' minds.

Given a low perceived return on investment, many executives see a binary decision: Build the minimum viable security practice as cheaply as possible internally, or outsource.

Rread the rest of this story in the new issue of
InformationWeek Tech Digest.

 

As CounterTack's CTO, Michael Davis is responsible for driving the advancement of CounterTack's revolutionary endpoint security platform, as well as leveraging his visionary approach to push defenders ahead of attackers. He has earned a reputation as one of the nation's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Laurianne
50%
50%
Laurianne,
User Rank: Author
5/12/2014 | 1:09:42 PM
Surprises
Mike, you have a long-term perspective on security spending and staffing. What if anything surprised you in this year's data?
IMjustinkern
50%
50%
IMjustinkern,
User Rank: Strategist
5/12/2014 | 3:28:39 PM
Re: Surprises
Hmmm ... an interesting prospect, Michael. I just worry about adding another layer/tunnel for data. How do you reconcile the propensity for folks to sidestep extra layers? Or for the problems stemming from extra connections (read: Target HVAC guy)?
6 Tools to Protect Big Data
6 Tools to Protect Big Data
Most IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.