IT executives being pressured to roll out insecure applications: Trustwave
- — 21 February, 2014 16:30
A majority of IT professionals are being pressured to implement new technologies even when they don't have the resources to secure them effectively, a new survey from security firm Trustwave has found.
The Trustwave 2014 Security Pressures Report looked at IT professionals' perceptions of the pressures placed on them to manage information security in an ever-changing context.
Some 54 per cent said they felt more pressure to secure their organisations in 2013 compared with 2012, while 58 per cent expect there to be even more pressure on them this year.
IT executives in the United States were most pressured – with 62 per cent reporting pressure was up during 2013 – while those in Germany were the least pressured, at 33 per cent. The percentage of respondents expecting 2014 to involve even more pressure was up across the board – even in Germany, where expectations for 2014 jumped 10 per cent.
Asked about the source of the pressure, half of respondents said it was coming from the board of directors, owners and C-level executives; 30 per cent said it was coming from direct managers, while 13 per cent said they were pressuring themselves.
Targeted malware and APTs were the most feared security threat, with 64 per cent of respondents saying they felt the most pressure to protect their organisations from the increasingly malicious attacks. Viruses and worms were the least problematic, with 58 per cent of respondents saying they were feeling less pressure to protect against those threats.
Some 58 per cent were worried about customer data theft – more than reputation damage, fines and legal action combined.
Yet it was the results around pressure to roll out new technologies that may give pause to executives at all levels: IT executives were most frequently pushed to roll out cloud and mobile applications even if they didn't have adequate security.
Fully 79 per cent of respondents said they had been in that position, while 63 per cent said it happened "once or twice" per year and 16 per cent said it happened frequently.
US respondents were the most likely (65 per cent) to report it had happened once or twice in the past year, while German IT managers were the least likely (50 per cent).
Asked what would improve their ability to enforce security protections, 85 per cent of respondents said a larger IT security team would reduce security pressures and help them work more effectively. Some 82 per cent of respondents were looking to use managed security services to reduce this pressure.
IT professionals' wish lists for 2014 were topped by increased budgets, more security skills and more time to focus on security.