Many organizations think they are safe from attack, yet they still want to increase the size of their IT staffs, according to a report released March 11 by security specialist Trustwave.
The study, based on a poll of 1,016 full-time IT professionals, found that 70 percent of respondents believed they were safe from cyber-attacks and data compromises.
"Clearly, too many IT and security pros have a false sense of security, which, in some cases, may elevate their risk of getting breached," Josh Shaul, vice president of product management at Trustwave, told eWEEK. "They may have security weaknesses across their infrastructure and not realize it or they may think they are doing everything possible to fully protect their organization when, in reality, there is still more they can do."
The disconnect is also present in another key finding in the report about security readiness. The Trustwave report found that 77 percent of respondents had been pressured to unveil IT projects that were not security-ready.
"If such a vast majority of businesses are rolling out IT projects before ensuring they are secure, they face a significant risk of getting breached," Shaul said.
Security should not be an afterthought that can be put on hold until after the project is rolled out, he said, adding that security needs to be at the forefront of IT projects, from development to production to active phases.
Another finding in the report, one that surprised Shaul, is that just 9 percent of IT and security pros cited weak passwords as the insider activity they felt the most pressure to fend off.
Trustwave's past research has repeatedly shown that easy-to-crack passwords are the most common weakness criminals are exploiting.
"Weak passwords contributed to nearly one-third of all breaches we investigated in 2013," Shaul said.
The report also found that 62 percent of respondents identified external threats as being the top threat source.
"Many of the breaches that made headlines in 2014 involved external threats—criminals trying to get in from outside an organization by exploiting a weakness on the inside of an organization," Shaul said.
The survey revealed that many respondents want more IT security staff on hand. In fact, 84 percent of respondents wanted the size of their IT security team increased, with 54 percent indicating they wanted the size doubled and 30 percent wanting it quadrupled. Additionally, 78 percent of respondents indicated that they are likely to or plan to partner with a managed security services provider (MSSP) in the future.
"Overall, the big takeaway from this report is that IT and security pros need help," Shaul said. "Criminals are more sophisticated than ever before; organizations have more data to protect; new technologies like BYOD [bring your own device] are increasingly being introduced into the business environment; and many organizations do not have the manpower, expertise and other resources to keep up and, more importantly, stay ahead of the criminals."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.