When asked what two things they need to strengthen their organization’s cyber security, 85 percent of cyber security pros said they need more people, and 84 percent said they need new technology, a recent Tripwire survey of 108 people at Black Hat USA 2017 found.
Just 28 percent said they need new vendor services.
Among those who said they need more people, 70 percent said hiring experienced professionals is a priority, while 30 percent said they’re willing to hire inexperienced professionals and train them on the job.
“Tools alone can’t solve the challenges in cyber security,” Tripwire vice president Tim Erlin said in a statement. “Organizations need talented staff to drive process improvements, administer tools and push for continuous improvement.”
“If you think the answer to the problems that keep you up at night is a new cyber security tool, it’s time to reassess,” Erlin added. “Security is built on strong foundations, and the best practices need to adapt to the changing threat landscape, but the core of what’s necessary for defense remains consistent.”
Increasing Security Budgets
Research firm Gartner recently predicted that worldwide information security spending will reach $86.4 billion in 2017, a 7 percent increase over 2016.
Worldwide security spending is expected to grow to $93 billion in 2018.
“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” Gartner principal research analyst Sid Deshpande said in a statement.
Still, Deshpande said improving security isn’t just about spending on new tech. “As seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said. “Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening.”
AsTech chief security strategist Nathan Wenzler told eSecurity Planet by email that Gartner’s predictions shouldn’t come as a surprise to anyone. “Cyber attacks and data breaches are on the rise and being broadcast in the media, and with it a need for more security professionals, services and tools to protect organizations,” he said.
“Further, if we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and towards applications and people,” Wenzler added.
A Growing Challenge
A recent ManageEngine survey of more than 300 ITSM professionals found that 82 percent of respondents expect work in IT to become more challenging, and 72 percent feel their efforts aren’t sufficiently recognized by management.
Additionally, almost two thirds of respondents think the current political climate (Brexit, U.S. and Australian immigration policies, etc.) will make IT recruitment more challenging.
A separate ControlScan survey of more than 400 cyber security professionals found that 49 percent of respondents said they don’t employ people with the necessary cyber security skills and/or training, and 23 percent said they have no idea how long it would take their organization to recover from a cyber attack.
ControlScan CEO Mark Carl said in a statement that the research shows companies are missing important opportunities to detect cyber security threats early. “A big part of the problem is that in-house IT teams lack the necessary manpower and, in many cases, the specialized knowledge to effectively defend against today’s attacks,” he said.