According to a recent study, security-related pressures in IT have climbed steadily year-over-year, as security professionals face the constant strain that comes with defending their organization's network and data from assortment of threats from all sides.
The data comes from Trustwave's 2014 Security Pressures report, which was provided to CSO Online exclusively ahead of its publication next week. In an attempt to understand the variety of pressures that those working in InfoSec face, Trustwave spoke to 833 security decision makers about the topic, including CIOs, CISOs, and IT Directors / Managers in the U.S., the U.K., Canada, and Germany.
Depending on where the respondent lived, the level of pressure experienced varied. In the U.S., 65 percent of the respondents said they expect to feel more strain this year, compared to the 43 percent in Germany who expected to feel an increase in stress.
Yet, when the data from 2013 is included, professionals in both locations reported a year-over-year increase perceived pressures, and Germany had the largest gain — jumping from 33 percent in 2013 to 43 percent in 2014. In comparison, the U.S. had a three percent increase, the U.K. showed a four percent increase, and Canada reported a seven percent bump.
CSO Online spoke to Trustwave's Leo Cole, the General Manager of Security Solutions, and Chris Pogue, Director of Incident Response and Forensics about the study. One of the first questions asked of them addressed the source of the respondent's stress.
Last year, the media was flooded with reports of data breaches, new attack vectors, and threats of various types. Recently, 2014 was off with the news of a security incident at Target that impacted come 70 million customers. So is the increase in pressure reported by the study's respondents based on the uptick in security-related news coverage, or is it something else?
"When we speak to CIOs, CISOs, IT Managers/Directors, we almost always hear that their Board of Directors has asked them what they are doing to protect the companys valuable information. When the Board asks questions, there is more pressure. However, security has been a board-level issue for some time," Cole explained.
Today, the difference is in the type of questions being asked by the board. It used to be a matter of answering the question, 'what are we doing to prevent data loss?" Now, the question is focused on the fact that data breaches and other security incidents keep happening despite the purchase of products and solutions that are supposed to prevent them. So the question of "what are we doing?" has become "why does this keep happening?" and "what are we doing to make sure we don't get breached next?"
Sign up for CIO Asia eNewsletters.