Innovations That Bring New Benefits Also Bring New Security Risks, CompTIA Research Reveals
Eight in ten execs say security landscape is more dangerous
Innovations that make data more accessible and devices more mobile also create new challenges for information technology (IT) professionals responsible for cybersecurity, according to new research released recently by IT industry association CompTIA.
The vast majority of business and IT executives (83 percent) surveyed for CompTIA's Ninth Annual Information Security Trends Study believe the security threat level is on the rise.
"Our data suggests that there is no single overriding factor behind this sentiment," said Tim Herbert, vice president, research, CompTIA. "Rather, it's a combination of elements that each chip away at information safety and security defenses in some way."
One of the biggest factors driving cybersecurity concerns today is the greater interconnectivity of devices, systems and users, the survey reveals. Among the disruptive IT trends contributing to greater interconnectivity – and raising new security concerns – are the proliferation of big data, social technologies, cloud computing and mobility.
"Billions of devices connect to the Internet daily, and with each touch point there's a potential for new security vulnerabilities," Herbert said. "With more data being produced and touched by more people, the potential for data loss or leakage grows accordingly."
One in five organizations in the CompTIA study reported definitely experiencing the loss of sensitive data in the past 12 months, while 32 percent reported likely data loss. Among companies that experienced such data loss in the past 12 months:
- 65 percent lost confidential corporate financial data,
- 52 percent lost confidential employee, such as human resources records,
- 27 percent lost confidential customer data, such as credit card numbers, and
- 26 percent lost corporate intellectual property or trade secrets.
The research indicates organizations are most likely to struggle with data loss prevention (DLP) efforts when data is in motion, such as transmitting sensitive information in an unencrypted format.
Security Breaches on the Rise, with Malware and Hacking at Top of List
Beyond data loss, three in four organizations reported first-hand experience with a security incident in 2011, a slight increase over the 2010 rate. On average, organizations reported seven incidents for the year, about half classified as serious.
Topping the list of security concerns is the all-encompassing threat known as malware. Yet while malware represents the most pervasive threat, in some ways malware attacks are less feared than highly targeted distributed denial of service attacks, advanced persistent threats and other types of malicious hacking attacks. In the CompTIA study, 58 percent of respondents believe hacking is a more critical threat today compared to two years ago.
Human error continues to be a significant factor in security breakdowns. A net of 53 percent of IT and business executives say human error is more of a factor today than it was two years ago.
Seven in ten organizations rate security as a higher or upper level priority this year, compared to 49 percent in 2010. Four out of five companies expect to increase information security budgets.
The intensified focus on information security has created a job market where the demand for skilled workers exceeds the current supply. In the CompTIA study, 40 percent of organizations say they face challenges in hiring IT security specialists.
Organizations view certified staff as an integral part of their security apparatus. More than eight in ten organizations formally or informally use security certifications as a means to validate expertise; and 94 percent believe security certifications deliver a positive return on investment.
CompTIA's Ninth Annual Information Security Trends Study is based on an online survey of 500 U.S. IT and business executives directly involved in setting or executing information security policies and processes within their organization. Data was collected in November and December 2011. The complete report is available at no cost to CompTIA members who can access the file at CompTIA.org or by contacting firstname.lastname@example.org.
In addition to comprehensive market research, CompTIA offers the IT industry a broad selection of other resources related to cybersecurity, including:
- CompTIA Security+ and CompTIA Advanced Security Practitioner certifications for the cybersecurity workforce.
- The CompTIA Security Trustmark™, a business-level credential that attests to a company's use of industry accepted best practices for security.
- The CompTIA IT Security Community, which focuses on challenges and opportunities in the IT security field.
- Education and training programs on cybersecurity.
- Public advocacy initiatives to promote secure and smart IT solutions.
CompTIA is the voice of the world's information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy. For more information, visit www.comptia.org.