People are still the weak link in the security chain: survey
- Published: Thursday, 27 April 2017 10:05
Over 80 percent of security professionals identify ‘people’ as the industry’s biggest challenge compared to technology and processes, according to the results of the second annual survey from The Institute of Information Security Professionals (IISP). The survey also indicates that while 60 percent of respondents still feel that investment is not keeping pace with threat levels, there was a modest 5 percent increase in businesses that feel better placed to deal with a breach or incident if it happens. In real terms, spending does appear to be on the rise with 70 percent of companies seeing an increase in budget, up from 67 percent and only 7 percent reporting a reduction, which is down from 12 percent last year.
While people have long been seen as the weakest link in IT security through lack of risk awareness and good security practice, the people problem also includes the skills shortage at a technical level as well as the risk from senior business stakeholders making poor critical decisions around strategy and budgets. Interestingly, the increase in reported skills shortages contrasts with a decrease in those reporting a lack of experience being a market factor. This suggests that as the industry matures the shortage of experienced, senior managerial professionals will reduce and the problem will be felt most acutely in the hands-on technical disciplines.