At a time when companies are more reliant on cloud-based solutions, make wider use of mobile devices and apps, and are generally more data- and digitally driven, about half of respondents to a recent CompTIA survey believe their organization is lagging in its attention to cyber-security.
The survey, which polled 500 security professionals, indicated challenges extend to finding qualified security workers and closing skills gaps at a time when the demand is increasing.
Among companies with skills gaps, 53 percent want to be more informed about current threats, and about 40 percent said they feel they need to improve their awareness of the regulatory environment.
"Many security professionals may see areas where the company is exposed, but it is difficult to get approval or funding if upper management feels that no action is needed," Seth Robinson, senior director of technology analysis for CompTIA, told eWEEK. "The challenge for the security professional is finding a way to tie security exposure to overall business risk and explain the steps that need to be taken."
Robinson said the most surprising finding from the survey was the fact that 51 percent of security professionals say a change in IT operations has triggered a new security approach.
"The driver itself is not surprising—obviously cloud and mobility are changing corporate behavior, including security—but far more than 51 percent of companies have adopted cloud and mobile technology," he explained. "Businesses should assess how their new technology strategies may be opening security loopholes."
A little less than half (47 percent) of respondents say there’s a belief within their company that existing security is good enough, and for 43 percent, other technology needs take a higher priority than security.
In addition, 4 in 10 cite a lack of security metrics as hampering their readiness, and 37 percent point to a lack of budget dedicated to security.
"Most businesses have traditionally viewed security as a technology problem, primarily investing in firewall and antivirus as the defense strategy," Robinson said. "Modern digital organizations must expand this technology footprint, adding in technology such as DLP and IDS/IPS, and they must also focus more on security processes and end-user education. Obviously, this is a much broader scope for security initiatives, so businesses need to re-evaluate their investments."
Two-thirds of companies involved in the survey said they are engaged in security training for employees, making it the most popular option for building the right security skills within an organization.
The study also found that 56 percent of firms will seek out IT security certifications for their technology staff.