In addition to their view of critical infrastructure insecurity, the majority of the 614 IT security professionals surveyed agreed with the following statements: senior leadership does not view IT security as a strategic priority; policies and procedures are in place to protect information assets and critical infrastructure but the necessary security technologies to support these procedures are often not available; and more resources are needed to invest in security technologies and hire experienced security practitioners.
Based on their perceptions, the majority of IT security experts surveyed did not believe that their organization’s IT security posture will improve.
Respondents predicted that the following security issues would likely to get worse over the next 12 to 24 months: the use of mobility and social media tools in the workplace will put their organizations at risk; cyber crimes are growing in sophistication and stealth and targeting organizations’ intellectual property and finances; advanced persistent threats or government-sponsored cyber attacks and cyber terrorism will target their organizations; the dearth of skilled and knowledgeable security practitioners will continue; government, regulatory actions and future mandates on protecting the critical infrastructure will put a strain on budgets; and growth of unstructured data assets leaves valuable information assets vulnerable to attack.
On the other hand, a majority of respondents had some encouraging views on information security over the next 12 to 24 months: companies’ use of cloud computing will become more secure; improvements are expected in managing the risk of criminal insiders, including malicious privileged users, as well as employees who are negligent; mobile workforce will become less of a security risk; and risks from the integration of partners into internal networks and applications will be better managed.
In addition, six security megatrends were identified in the survey: disruptive technologies, cybercrime, resource constraints, government and regulations, human factors, and organizational factors.