IT executives being pressured to roll out insecure applications: Trustwave

A majority of IT professionals are being pressured to implement new technologies even when they don't have the resources to secure them effectively, a new survey from security firm Trustwave has found.

The Trustwave 2014 Security Pressures Report looked at IT professionals' perceptions of the pressures placed on them to manage information security in an ever-changing context.

Some 54 per cent said they felt more pressure to secure their organisations in 2013 compared with 2012, while 58 per cent expect there to be even more pressure on them this year.

IT executives in the United States were most pressured – with 62 per cent reporting pressure was up during 2013 – while those in Germany were the least pressured, at 33 per cent. The percentage of respondents expecting 2014 to involve even more pressure was up across the board – even in Germany, where expectations for 2014 jumped 10 per cent.

Asked about the source of the pressure, half of respondents said it was coming from the board of directors, owners and C-level executives; 30 per cent said it was coming from direct managers, while 13 per cent said they were pressuring themselves.

Targeted malware and APTs were the most feared security threat, with 64 per cent of respondents saying they felt the most pressure to protect their organisations from the increasingly malicious attacks. Viruses and worms were the least problematic, with 58 per cent of respondents saying they were feeling less pressure to protect against those threats.

Some 58 per cent were worried about customer data theft – more than reputation damage, fines and legal action combined.

Yet it was the results around pressure to roll out new technologies that may give pause to executives at all levels: IT executives were most frequently pushed to roll out cloud and mobile applications even if they didn't have adequate security.

Fully 79 per cent of respondents said they had been in that position, while 63 per cent said it happened "once or twice" per year and 16 per cent said it happened frequently.

US respondents were the most likely (65 per cent) to report it had happened once or twice in the past year, while German IT managers were the least likely (50 per cent).

Asked what would improve their ability to enforce security protections, 85 per cent of respondents said a larger IT security team would reduce security pressures and help them work more effectively. Some 82 per cent of respondents were looking to use managed security services to reduce this pressure.

IT professionals' wish lists for 2014 were topped by increased budgets, more security skills and more time to focus on security.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags trustwavesecuritymalware

More about CSOTrustwave

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place