news
Cybersecurity budgets not increasing with threats, report shows
A lack of resources is the single
biggest challenge for the IT
security market, followed by a
lack of experience and skills.
This is according to The Security
Profession in 2018/19 report from
the Chartered Institute of Information
Security (previously known as the
IISP), the independent not-for-profit
organisation responsible for
promoting professionalism and skills
in the IT profession.
At least 45% of respondents chose
a lack of resources as the biggest
challenge, compared to 37% for a
lack of experience and 31% for a lack
of skills.
Ultimately, security professionals feel
their budgets are not giving them what
they need – only 11% said security
budgets were rising in line with, or ahead
of, the cybersecurity threat level, while
the majority (52%) said budgets were
rising, but not fast enough.
Professionals were also clear about
where threats originate.
Overwhelmingly, 75% perceived people
are the biggest challenge they face in
cybersecurity – with processes and
technology near-equal on 12% and
13% respectively.
This may explain the need for more
resources even as budgets increase:
people are a far more complex issue to
deal with. Yet at the same time, there are
signs of improvement.
More than 60% of IT professionals say
that the profession is getting better – or
much better – at dealing with security
incidents when they occur, with only 7%
saying the profession is getting worse.
60% OF SECURITY PROFESSIONALS SPEND OVER THREE HOURS PER DAY VALIDATING FALSE POSITIVES
edgescan, a leading provider
of fullstack vulnerability
management, has discovered
that more than 60% of security
professionals estimate their security
function spends over three hours per
day validating false positives.
The recent survey of IT security
experts also revealed that nearly
30% of respondents are in fact
spending more than six hours per
day on that task.
The majority of respondents indicated
validating false positives as the part
of their job they enjoyed the least
(30%) and admitted that the time spent
on that task is disproportionate and
should be reduced.
Furthermore, 44% of respondents also
recalled leaving an important life event
to deal with a security alert which –
when verified – was determined to
be a false positive. This seems to be
at the expense of visibility – as many
as 64% of respondents admitted that
their organisation does not have
a complete picture of all its web
applications and endpoints.
“Cybersecurity is about protecting a
company’s digital assets in an efficient
and cost-effective manner,” said
Eoin Keary, CEO and co-founder of
edgescan. “With IT security functions
typically understaffed – and with this,
many organisations acknowledging that
they lack visibility on their endpoints
and web applications – having
cybersecurity professionals work on
mundane tasks such as validating false
positives for such amounts of time
every day isn’t optimal. Rather, it can be
a counterproductive choice.”
Issue 17 | www.intelligentciso.com