Security approaches underdeveloped for many businesses, surveys find

July 18, 2014

Though many companies consider themselves ready and able to take on security and technology threats, many are underprepared for potential problems as a result of low or no changes to their approach. As a result, IT workers with skills in these specialties can likely see great benefits in their job opportunities.

According to Channel Partners Online, a recent CompTIA survey found that while 82 percent of businesses consider their current security to be at least mostly satisfactory, only 13 percent of firms have made changes to their actual security approach in the last two years.

"The use of new technologies necessitates a change in security approach," Seth Robinson, the director of technology analysis for CompTIA, told the source. "It's clear why companies view security as a top priority; but what's less clear is whether they are fully aware of which actions to take to build an appropriate security posture for a new era of IT."

This information is more worrying for businesses in the light of recent developments of additional dangers added to hacking and malware, including advanced persistent threats, denial of service attacks, mobile malware and IPv6 attacks. Human error has even become a more worrying factor, as more than half of companies have noted it as a potential factor in recent years.

Cyber-attacks can be costly
What's more, small and mid-sized organizations remain uncertain about their IT security statuses, leaving themselves vulnerable to attacks, according to Silicon Republic. While 58 percent of business managers don't see cyberattacks as a risk to their business, interruptions and incidents have cost some small businesses an average of $1.6 million dollars in the last year.

Security improvements have been limited by a variety of factors, the source continued. Failure to prioritize security has been cited by 44 percent of users, while another 42 percent reported having an insufficient budget and 33 percent noted a lack of in-house knowledge and expertise. This information dovetails in context of security professionals' expected skills mix – cloud security, mobile security, data-loss prevention and risk analysis have been cited as the four most lacking skill sets of professionals in 2013.

Channel Partners Online recommends boosting security certifications for IT professionals may help turn the tide for many businesses. A full two-thirds of companies have said IT workers with security certifications are more valuable to their respective organizations, and another 86 percent noted that certified security workers provide them with a worthwhile return on investment.