Security may not be as hyped as other tech trends like cloud computing, mobility or Big Data, but several CompTIA research studies have shown that it remains a top priority for businesses among a wide range of IT initiatives. However, that may not necessarily translate into businesses having a robust security posture or knowing which steps to take as they explore new technology models. CompTIA’s Eleventh Annual Information Security Trends study examines the areas that may need closer attention in order to avoid exposure.
According to the study, more than 8 in 10 companies view their current level of security as satisfactory or very satisfactory. Some percentage of these companies likely do have robust security policies and up-to-date tools, especially among the 13 percent of companies that say they have experienced a drastic amount of change in their security over the past two years. Many other companies, though, show low level of concern for emerging security threats and low levels of adoption for modern security defenses.
As companies utilize new technology trends, they must begin taking a new security approach. Formal risk analysis is only performed by 41 percent of companies, and this discipline can help inform security decisions as data is stored with public cloud providers or made available to mobile devices. Fifty-five percent of the root cause for security incidents is human error, but only 1 in 5 companies view human error as a serious concern. New technology investments will have marginal return in this area; the more effective strategy is to properly educate the workforce.
In addition to these overarching changes, new technical skills and tools are needed as well. Use of cloud systems, adoption of mobile devices and reliance on digital data all require new security processes and products. Many companies may have started using these technologies without fully thinking through the security implications, so security changes may be taking place even as new systems are used in production.
The landscape is certainly becoming complicated, opening opportunity for channel firms. While 85 percent of channel firms claim some involvement in security, only 36 percent of firms offer security as a standalone product or service. In an environment where 75 percent of end-users rely on more than one firm for technology needs, there may be an opening for more firms to specialize in security and ensure that every facet of an end-user’s technology plan is secured.
It seems that the main reason we’re still talking about security is that the message is taking time to sink in. Slowly, companies are realizing that the defenses of the past are not up to the challenges presented by today’s attackers, who are able to monetize any type of data and who show little favoritism between large and small companies. There are many new technologies that enable greater productivity and allow new possibilities, but they also open the door to new threats in security and privacy. Businesses will need to rethink their overall security strategy if they want to remain safe in this new era.