From threats to boardroom demands to post-breach consequences, data security professionals face mounting pressure from their organisations to seal off growing threat vectors and protect corporate reputation.
Since a security incident can happen at any time and attackers are constantly evolving their tactics, it can be a 24 hour, seven day a week job – but is all this pressure leading to a job well done?
The annual 'Security pressures' report from security firm Trustwave suggests that 63% of security professionals around the world feel more pressured than 12 months ago, with 65% saying they expected to feel more pressure this year.
Pressure to select security technologies containing all of the latest features has jumped from 67% to 74% among respondents, but having the proper resources to actually put them to use has fallen from 71% to 69%.
52% said they would double their IT teams to take on the load if they could, with 29% saying they wish they could quadrule their staff from its current size.
Most worryingly, 77% of security professionals worldwide said they felt the squeeze to greenlight IT projects that aren't ready for primetime- a figure that's not changed since last year, but is still cause for concern.
'Companies are likelier deploying exponentially greater numbers of IT projects, such as new applications, including mobile, this year compared to just two years ago. So, any new efforts to factor in security amid the rush to release hasn’t made much of a dent because of the sheer numbers of new projects going out the door,' said the report.
According to the 2015 Trustwave Global Security Report, 98% of applications tested by Trustwave's researchers contained at least one vulnerability, with the median number per application an eye-opening 20.
Flaws in applications can lead to malware infiltration and data leakage. The United States houses the most egregious offenders, where 83% of security pros feel pressure to roll out IT projects too early.
'We know that old habits die hard,' said the report. 'And this expression carries particular weight in the world of security, where the old way of doing things often maintains surprising relevancy and persistence despite breach after breach, headline after headline, apology tour after apology tour. But the status quo isn’t working anymore. Security pressures are a lot like risk. They can never been fully expunged, but they can be mitigated and brought down to acceptable levels.'
Trustwave recommends organisations placate the pressures on individual security staff by creating a culture of cross-departmental security to share the burden.
'Every single user on your network has a role to play in keeping the company secure,' says the report. 'After all, human error, in some capacity, is responsible for nearly all security incidents.'
C-level executives and IT departments can lead the charge from the top down, but ultimately the culture must be established as a collective effort among everyone.