What do information security professionals consider the biggest threat to their systems and businesses? According to a recent study commissioned by Unisys, the issue most responsible for disrupting the sleep of top security executives is employee negligence or abuse of data warehouses or systems (97%). Insufficient resources to get the job done right (90%) is a close second.
Surprisingly, only 70% indicated that a catastrophic attack on IT infrastructure, including sophisticated viruses and expert hacker penetration was of most concern. Each respondent was asked in personal interviews to list up to five top issues in ascending order, higher percentages indicate a more frequently recognized issue.
Due to the lack of corporate resources, about 73% of participants in the study believed that they didn't have the staff to secure known security holes. About 80% of respondents said that outsourcing IT and data management activities to reduce costs created additional infosecurity risks that weren't being managed adequately.
The in-depth survey of 34 infosecurity professionals with direct responsibility for IT security services in their organizations revealed frustration with the lack of funds for preventative security measures. Some commented that the lack of resources causes them to make tough allocation decisions that may leave the company's critical infrastructure vulnerable.
Some of the greatest strains to the budget include hiring and retention, training and awareness programs, keeping up with new tools that might enhance security controls and implementing privacy safeguards.
These security professionals shared information security practices that they believe are key for complex business organizations.
Despite numerous challenges to maintaining security, participants also believe senior management is becoming more sensitive to security risks. Further, there is the growing realization that superior privacy practices can build trust and enhance the organization's reputation in the marketplace. As a result, security professionals are hopeful that they can turn today's security and privacy threats into tomorrow's business opportunities.
About the author
Larry Ponemon is chairman and founder of the Ponemon Institute, an organization focused on the development of privacy audits, privacy risk management and ethical information management. For more information about the Unisys Information Security Tracking Study, please contact the Ponemon Institute at mailto:firstname.lastname@example.org.