Organizations, security pros at odds on preparedness against cyber attacks
While many organizations feel more confident in their ability to defend against cyber-attacks, the opposite is true among the professionals charged with actually mounting the defense.
That is the finding of a new study by the Institute of Information Security Professionals, a not-for-profit organization dedicated to raising the standard of professionalism in information security.
The IISP found that over the past three years, the number of organizations that feel better prepared to respond to and deal with cyber-attacks and data breaches rose from 47 percent to 66 percent.
Contrast that with the views of IT security professionals. Those feeling that organizations are getting worse at defending against a major cyber incident doubled, rising from 9 percent to 18 percent.
“These results reflect the difficulty in defending against increasingly sophisticated attacks and the realization that breaches are inevitable – it’s just a case of when and not if,” says Piers Wilson, director at the IISP. “Security teams are now putting increased focus on systems and processes to respond to problems when they arise as well as learning from the experience of others.”
Despite the increased confidence among many organizations regarding their defense strengths, the report found a number of trends that weigh against better cyber security postures.
For one thing, the percentage of IT budgets dedicated to information security has dropped. Organizations reporting a growth in IT security spending dropped from 70 percent to 64 percent. Organizations citing a decline in IT security spending rose from 7 percent to 12 percent.
Also impacting cyber defense capabilities is the continued shortage of security professionals in the job market, a fact that was reinforced by the survey results.
But one of the most significant factors comes from technology, not human intervention or budget resources. Artificial intelligence and machine learning are playing an increasingly important role in IT security – on both sides of the fence.
When asked about the impact and disruption caused by emerging technologies, IT security professionals put the Internet of Things and the rise of artificial intelligence at the top of the list.
“We have seen AI and machine learning used in defensive security programs for some time, and this is now starting to become part of a wider automation approach,” says Wilson. “But like the IoT, AI can also be exploited by cyber criminals, so we need to have the people and technologies to respond and mitigate these emerging risks.”