Everyone agrees that RSA Conference is a mainstay of information security. Every year, the event attracts tens of thousands of security professionals from around the world. As such, it’s the perfect place for companies to gain a snapshot of the digital security landscape.
That’s why Tripwire has made a tradition of capturing attendees’ thoughts on key security issues at each show. In 2016, we examined attendees’ perceptions regarding their companies ability to prevent and respond to ransomware attacks. This year, we asked 200 security professionals about their digital security concerns for users and for their own organizations.
When asked if they were more concerned about digital security in 2017 compared to 2016, four-fifths of respondents said “yes”. Many of these individuals might have responded that way because of their concerns regarding the government’s ability to defend against digital attacks. In the wake of Russia hacking the Democratic National Committee, only 17 percent of respondents said they’re confident the U.S. government can adequately protect itself.
David Meltzer, CTO at Tripwire, says IT professionals’ confidence in their government’s digital defenses will likely shape their security decisions over the next year :
“People and organizations alike look to the government to set an example and lead the way on all sorts of issues, including cybersecurity. What the results of this survey show is that seasoned cybersecurity professionals are not confident in the government’s current cybersecurity strategy, and these worries can trickle down to the list of concerns for an enterprise. While organizations look for their fears to be resolved over the next year, they will also need to increasingly work with security vendors to be reassured that they are taking the right security approach.”
Tripwire also found in its survey that a majority of respondents (60 percent) were confident in their organization’s ability to enforce foundational security controls. But that’s not to say IT professionals felt their companies were bulletproof. 48 percent of participants said the skills gap could cause their organization’s security to fail, while nearly a third (30 percent) said inadequate processes could weaken their corporate defenses. These forces could expose their enterprises to intellectual property theft, reputational damage, and financial loss.
Meltzer feels the skills gap in particular remains a persistent challenge for companies:
“With high profile data breaches hitting companies’ bottom lines, it’s no surprise that financial loss is high up on the list of security professionals’ concerns. It’s encouraging to see that people recognize that bad security affects a company’s brand reputation, as it means people care more about their security,” Meltzer added. “However, the looming skills shortage that’s already been identified as a pain point is worrisome. Companies need to look for technology that can increase automation in security and reduce the manual effort required of their employees.”
Organizations also should develop processes designed to train and retain skilled digital security talent.
For more insight into the skills gap, please click here.