Despite an increase in the number of data breaches last year infosec pros say they continue to be pressured by the business side to release projects that aren’t fully secure, according to an international survey.
The survey, paid for by Trustwave, showed that 77 per cent of respondents in five countries — and 71 per cent of Canadians — felt either frequent or periodic pressure to roll out IT projects that weren’t security ready.
The good news is that the majority agreed it was once or twice rather than frequently. However, if a bug slips by that could be once too many.
“One of the big things the industry in general needs to increase is the overall awareness, education, training — and not just at the IT level but at the board level and across business units — to make them aware of the risks of pushing things to market too quickly,” said Brent Davidson, Trustwave’s vice-president of sales for Canada.
Released Wednesday, the survey questioned 1,414 in-house information security professionals from around the world including 210 from Canada. Others were in the U.S., Britain, Australia and Singapore.
Among the highlights:
–Canadian IT security pros said an increased budget was at the very top of their security wishlist (42 per cent) That was way ahead of the number two wish, more time (17 per cent). By comparison, 33 per cent of U.S. respondents said money was a the top of their list, followed by more security expertise (20 per cent);
–Detecting vulnerabilities is the top security responsibility for 29 per cent of Canadian respondents, more than the global average (21 per cent). Other choices included detecting malicious activities, detecting/preventing malware. preventing social engineering attacks, strengthening passwords and patching;
–Canadian respondents rated customer data theft as their top worrying outcome of an attack or data breach (53 per cent versus the average of 43 per cent) and less concerned with intellectual property theft (16 per cent versus 22 per cent).
–Canadians are twice as concerned about losing the respect of their peers following a security breach than their counterparts (6 per cent versus average of 3 per cent).
Interestingly, in all countries at least 65 per cent of respondents felt their organization is safe from security threats. By contrast 46 per cent — and in Canada 40 per cent — said their organization has experienced a breach (although the report doesn’t make it clear if that means in the past 12 months, or longer).
Although reports of insider threats from employees are increasing, 58 per cent of all respondents believe the top security threats come from outside the enterprise. Twenty-four per cent worried about non-malicious internal threats, while 18 per cent saw the top security threat coming from malicious insiders. The Canadian numbers were in line with those.
Globally the majority thought the top riskiest insider threats were unauthorized file transfers through email or the cloud, followed by installation of unauthorized sofware/malware and access modification. Again, Canadian numbers were in line.
By a wide margin respondents said the emerging technology they feel most pressured to adopt or deploy was cloud (44 per cent). Interestingly, the Internet of Things was second at 17 per cent, followed by BYOD — which in last year’s survey was second at 16 per cent.