Canadian infosec pros would rather have bigger budgets than staff with more security skills, a new vendor survey suggests.
When asked the top item on their security wish list for 2017, 43 per cent of the 200 Canadian chief information officers, IT security directors and IT security managers that responded chose having and additional budget. By comparison 21 per cent wanted more security skills, 12 per cent wanted fewer complex security products, 11 per cent wanted to partner with a security service provider and eight per cent hoped for more time to focus on security.
They were among 1,600 surveyed in six countries by Trustwave in January for its annual Security Pressured Report, which tries to measure the squeeze on infosec pros.
Globally 30 per cent of respondents said their top wish was more money while 20 per cent want more security skills.
The relatively small number of Canadian respondents may not accurately represent the feelings of most infosec pros here.
Asked how much bigger their IT security team should be to reduce pressure on the team, Canadian respondents were in line with their global colleagues: About 45 per cent want to double the size of their staff, with about a quarter of respondents split between quadrupling staff or leaving it the same.
Interestingly, majorities in all countries agreed they felt pressured to buy security technologies “that contain all of the latest features.” But apparently that doesn’t bother them: Many – with even bigger majorities – felt they have the proper resources to deploy/maintain security technologies that contain all of the latest features – 76 per cent agreed in Canada, slightly above the global average of all respondents.
Not surprisingly cloud is the “emerging technology” all respondents felt the most pressure to use or deploy – and its also the one respondents feel poses the greatest security risk to their organizations. Almost all agreed social media was the second greatest risk, followed very closely by the Internet of Things. BYOD and mobile apps were far behind.
Asked what insider threat pressures them the most, respondents chose unauthorized file transfers, such as via email or cloud storage services (29 per cent globally, 31 per cent Canadian respondents), Installation of unauthorized software or malware (24 per cent globally, 22 per cent Canadian), with access and privilege modification or escalation coming third (18 per cent for both). But note that Canadian respondents put weak passwords tied for fourth compared to 11 per cent of all respondents.
Responses to other questions suggest infosec pros are feeling more responsible personally for a cyber incident, Chris Schueler, Trustwave’s senior vice-president of managed security services, said in an interview.
When asked what repercussion they feared most if their organization is breached, 42 per cent globally (45 per cent in Canada) agreed with “Reputation damage to me and my company.”
Schueler tried to suggest this means respondents are putting more pressure on themselves. However, respondents weren’t allowed to chose separately if their biggest fear is reputation damage to their companies or themselves.
Interestingly, when asked which problem infosec pros feel most pressure to address, identifying vulnerabilities led by a small margin in all countries (22 per cent globally, 25 per cent in Canada.), followed by preventing malware and strengthening passwords and remote access control. Lower down (8 per cent globally) was preventing social engineering and phishing attacks.
However, Canadian respondents rated almost all problems after identifying vulnerabilities and preventing malware at the same level (Third, with 11 per cent for patching, strengthening passwords, social engineering/phishing and managing network devices).