Nearly two-thirds of cybersecurity professionals felt under more pressure to secure their organizations in 2015 compared to the year before, and were subject to increasing challenges surrounding skills shortages, according to Trustwave.
The security vendor’s 2016 Security Pressures Report claimed 63% of the 1400+ infosec professionals interviewed globally felt more pressurized in their jobs – up 9% on the previous year.
Detection of vulnerabilities, malware and compromised systems comprised the biggest responsibilities for 54% of those interviewed.
The pressure many are under is having a negative effect on the security posture of their organization.
Over three-quarters of respondents (77%) claimed they’re being forced to roll-out IT projects which aren’t ‘security-ready.’
Oli Pinson-Roxburgh, Trustwave EMEA system engineering manager, argued that this could create additional risk.
“The most critical is the risk of undiscovered vulnerabilities attackers can use to gain access to PII, and potentially pivot off the exploited system into the network to attack further into the organization,” he told Infosecurity.
“Another risk is the exposure of customer data through untested logic flaws – not a vulnerability exploit as such, but more the system allowing users to manipulate the application in unplanned ways.”
Attackers could also take advantage of security oversights to deface websites or cause service outages.
Staffing issues and skills problems are also hampering security efforts, the report claimed.
Shortage of security expertise climbed from the eighth-biggest operational pressure facing respondents to number three. However, those wanting to quadruple their staff from its current size rose from 24% to 29%.
“We are seeing a lack of both new people coming into the workplace, and sufficient in-role training. This often relates to experience levels – to really deal with today’s threats you need experience with technologies and common threats, and how to mitigate and respond to security incidents,” argued Pinson-Roxburgh.
“A good way to mitigate this shortage is to consider outsourcing to an expert in the security space. This addresses a number of issues including sickness coverage and incident response support, especially when experience spikes in threats or high volumes of attacks.”