What keeps senior IT security pros up at night? It’s not what you think
In the security space, last year was one for the books. Edward Snowden made waves after leaking classified documents detailing government surveillance programs, which raised privacy and security concerns for individuals and enterprises worldwide. Data breach after data breach of major retailers and brands shook every industry to its core, leaving IT teams wondering, “could this happen to us?”
To understand the current security landscape and top threats in the wake of so much attention and scrutiny, my company Wisegate talked to a group of our senior IT members – the men and women in the trenches, running IT programs across many industries. Much to our surprise, their answers went deeper than insider threats, phishing and malware. To protect against these countless, daily vulnerabilities, senior IT professionals are concerned about having the resources – time and talent – to cut through the post-Snowden red tape and best safeguard their companies.
Security talent shortage
There’s currently a high need for security professionals across many industries and a major shortage of qualified individuals. The growing number of people joining the security workforce cannot keep up with job demand, leaving IT departments understaffed and open to security threats.
More than ever, businesses are wanting and needing security talent to protect against the looming threat of data breaches – and are willing to pay for it. A senior security director at a major entertainment company (name and company has been protected so that he may speak freely) is recruiting talent from around the world, offering to pay for relocation expenses, compensating talent with high-priced salaries and even offering signing bonuses when hiring for security positions, as competition is so high.
Other companies are interested in hiring from overseas, but domestic and foreign governmental red tape make it difficult to secure green cards for private employment.
International and domestic red tape
International and domestic rules and regulations can affect more than hiring activities. Thanks to the Snowden affair, additional calls for government regulation have come to light, leaving senior execs worried that new regulations will drain time and finances into complying with new protocols, distracting teams from protecting against hacking or data theft from the inside. With the current shortage of talent already in play, there’s little wiggle room for wasted time.
Companies have already seen changes in international business. Some international governments have already expressed concerns about emails leaving their borders in the wake of the Snowden affair. One executive in risk management at a consumer goods company shared that his company may have to ask Microsoft to keep email originating in Italy at an Italian data center and an email originating in Germany at a German one, if pressured enough by Europe, so international governments can protect private communications.
The vice president of corporate security at an insurance company believes that the Snowden incident has “made data privacy come to the forefront of a lot of people’s minds. It’s a top priority of mine, as well as most of my colleagues and peers. I think there’s still more to come. We’ll see more regulations – and government interest – as more data comes to light.”
Protecting sensitive information from human error
In addition to concerns about increased international and domestic rules and regulations, senior IT professionals are currently worried about the consequences of mistakes and sloppy procedures performed by team members. Target’s data breach has left many IT teams aware of the need to combat data breaches. When polled on their organization’s top data-oriented security threat, senior IT professionals named data breach and theft of intellectual property as their top data concern.
Countermeasures to data breaches have begun circulating in conversations in the IT industry. Preventative measures that have been discussed include holding people, companies and institutions financially accountable for the loss of intellectual property, staying current on new threats, and even tracking down employees who may have accidentally exposed intellectual property to loss. While many corrective processes have been theorized, there have been no conclusions on a best practice to prevent data breaches from occurring quite yet.
The security landscape is forever changing, leaving short-staffed IT teams at the mercy of the next big threat. The Snowden incident and major retail breaches may have forever changed the way the public, governments and businesses across the world view security. As security across industries continues to be scrutinized, evaluated and criticized, senior IT professionals are the folks enduring the daily struggles of an understaffed, and possibly soon-to-be highly government-regulated department.
Improved security will come when the number of talented security professionals increases. In the meantime, IT professionals must continue to get creative with solutions, invest heavily in educating non-IT employees in the importance of secure habits, and most importantly, plug into the fellow IT community to stay up to date on the latest security developments. By asking questions and generously sharing security intel across industries, IT professionals can team together to combat risks. After all, your peers are the best source to find out the latest security threat.