Latest Technologies Straining Cyber Security Staffs, Study Warns
By isc2, PRNEWednesday, February 16, 2011
Critical Skills Gap Also Found in (ISC)2(R)-Sponsored, Frost & Sullivan Study of More than 10,000 Information Security Professionals Worldwide
LONDON, February 17, 2011 - A study based on a survey of more than 10,000 (2400 in EMEA) information
security professionals worldwide finds that a growing number of technologies
being widely adopted by businesses are challenging information security
executives and their staffs, potentially endangering the security of
governments, agencies, corporations and consumers worldwide over the next
several years.
Conducted by Frost & Sullivan, the 2011 (ISC)2 Global Information
Security Workforce Study (GISWS) says new threats stemming from mobile
devices, the cloud, social networking and insecure applications, as well as
added responsibilities such as addressing the security concerns of customers,
have led to "information security professionals being stretched thin, and
like a series of small leaks in a dam, the current overworked workforce may
be showing signs of strain."
Conducted on behalf of (ISC)2, the not-for-profit global leader in
educating and certifying information security professionals throughout their
careers, the study also shows a severe gap in skills needed industry-wide.
Information security professionals admitted they needed better training in a
variety of technology areas yet reported in significant numbers that many of
these technologies are already being deployed.
"In the modern organisation, end-users are dictating IT priorities by
bringing technology to the enterprise rather than the other way around," said
Robert Ayoub, global program director - network security for Frost &
Sullivan. "Pressure to secure too much and the resulting skills gap are
creating risk for organisations worldwide.
"We can reduce the risks, however, if we invest now in attracting
high-quality entrants to the field and make concurrent investments in
professional development for emerging skills. As the study finds, these
solutions are underway, but the question remains whether enough new
professionals and training will come soon enough to keep global critical
infrastructures in the private and public sectors protected."
"The good news from this study is that information security professionals
finally have management support and are being relied upon and compensated for
the security of the most mission-critical data and systems within an
organisation," added Ayoub. "The bad news is that they are being asked to do
too much, with little time left to enhance their skills to meet the latest
security threats and business demands."
Full Report: https://www.isc2.org/workforcestudy/Default.aspx;
Video Commentary: www.youtube.com/isc2tv#p/a/u/0/I3smut_iaxo
Other key findings from the study include:
- As of 2010, Frost & Sullivan estimates that there are 2.28 million
information security professionals worldwide (over 617,000 in EMEA).
Demand for professionals is expected to increase to nearly 4.2 million
by 2015 (1.15 million in EMEA) with a compound annual growth rate
(CAGR) of 13.2 percent (same in EMEA), creating career opportunities
for those with the right skills.
- Secure software development is a significant new area of focus for
information security professionals worldwide. Application
vulnerabilities ranked as the No. 1 threat to organisations by 72
percent of respondents worldwide and in EMEA (69 percent, while 20
percent (19 percent in EMEA) said they are involved in secure software
development.
- Nearly 70 percent (67 percent EMEA) of respondents reported having
policies and technology in place to meet the security challenges of
mobile devices, yet mobile devices were still ranked second on the list
of highest concerns by respondents (worldwide and in EMEA). The study
concludes that mobile security could be the single most dangerous
threat to organizations for the foreseeable future.
- Cloud computing illustrates a serious gap between technology
implementation and the skills necessary to provide security. More than
50 percent (55 percent EMEA) of respondents reported having private
clouds in place, while more than 70 percent (75 percent EMEA) reported
the need for new skills to properly secure cloud-based technologies.
- Professionals aren't ready for social media threats. Respondents
reported inconsistent policies and protection for end-users visiting
social media sites, and just less than 30 percent (31 percent EMEA) had
no social media security policies whatsoever.
- Viruses and worms, hackers and internal employees all fell in
significance as top threats from 2008, the most recent year of the
study.
- The main drivers for the continued growth of the profession are
regulatory compliance demands, greater potential for data loss via
mobile devices and mobile workforce, and the potential loss of control
as organisations shift data to cloud-based services.
- About two-thirds of respondents worldwide and in EMEA don't expect to
see any increase in budget for information security personnel and
training in 2011.
- Salaries showed healthy growth despite a global recession, with three
out of five respondents reported receiving a salary increase in 2010.
"We are seeing a paradigm shift in how organisations are operating,
brought on by the triple impact of cloud computing, the pervasive use of
mobile devices and social media via the corporate network, along with the
wave of new applications being developed to support it all," said John
Colley, CISSP, managing director for EMEA of (ISC)2. "Security professionals
are going to have to re-skill for these new developments, but they are not
alone. Security accountability has become an organisation-wide concern, with
implications for HR, legal, marketing, sales and even customers in the global
cyber security strategy. I have every confidence that we will develop the
right instincts to meet the challenge, but I anticipate it will demand a
combined effort of industry, government, academia and the information
security profession."
Likely the largest study of the information security profession ever
conducted, 10,413 information security professionals from companies and
public sector organisations around the world were surveyed in the fall of
2010, including 61 percent in the Americas, 22.5 percent in Europe, the
Middle East and Africa, and 16.5 percent in Asia Pacific. Forty-five percent
(42 percent EMEA) were from organizations with over 10,000 employees.
The average experience of respondents worldwide was more than nine years,
while five percent (seven percent in EMEA) of respondents held executive
titles such as Chief Information Security Officer. Additionally, Frost &
Sullivan supplemented the analysis with its other primary data sources and
methods.
The objective of the GISWS, the fifth study sponsored by (ISC)2 since
2004, is to provide meaningful research about the information security
profession to industry stakeholders, including professionals, corporations,
government agencies, academia, and hiring managers.
About (ISC)2
(ISC)2 is the largest not-for-profit membership body of certified
information security professionals worldwide, with nearly 75,000 members in
more than 135 countries. Globally recognized as the Gold Standard, (ISC)2
issues the Certified Information Systems Security Professional (CISSP(r)) and
related concentrations, as well as the Certified Secure Software Lifecycle
Professional (CSSLP(r)), Certified Authorization Professional (CAP(r)), and
Systems Security Certified Practitioner (SSCP(r)) credentials to qualifying
candidates. (ISC)2's certifications are among the first information
technology credentials to meet the stringent requirements of ANSI/ISO/IEC
Standard 17024, a global benchmark for assessing and certifying personnel.
(ISC)2 also offers education programs and services based on its CBK(R), a
compendium of information security topics. More information is available at
www.isc2.org.
(c) 2011, (ISC)2 Inc (ISC)2, CISSP, CSSLP, ISSAP, ISSMP, ISSEP, CAP, SSCP
and CBK are registered marks of (ISC)2, Inc.
Tags: CISSP, (ISC)2, computer security, cyber security, information
security, security professional, cloud computing, mobile devices, social
media, secure software, security research, Frost & Sullivan, Global
Information Security Workforce Study
Twitter (twitter.com/isc2 )
YouTube (www.youtube.com/isc2tv )
(ISC)2 blog (blog.isc2.org/)
Press contact: Vidushi Patel, +44(0)795847-4632, vidushi at taguspr.co.uk
Tags: (isc)2, February 17, London, United Kingdom
