Almost Half of Companies Believe Their Security is 'Good Enough'

With reports of massive data breaches becoming almost a regular event in the company, it is obvious that most companies do not dare to rest on their existing security practices. Well, a recent report by CompTIA, this is not the case at all.

According to professional security practices, published on Tuesday, almost half of the security professionals in the company believes that current security practices of their companies are "good enough". While not necessarily a bad thing to be proud of working in an organization, it may signal a dangerous level of complacency with regard to safety.

Interestingly, however, this does not seem to reflect the increasing priority of security in enterprise IT. As noted in the report of CompTIA, research firm Gartner expects the security market the company will have a value of $ 100.3 billion in 2019 worldwide.

So if that many security professionals believe their work is "good enough", so they must be doing something right, right? Well, let's take a look at how CompTIA by the modern approach to security.

First, most modern security policies consist of three distinct movements:

1.    Change away from the security perimeter
2.    Balance prevention and detection
3.    Greater focus on proactive security activities

There are a number of new technologies that play in these movements. The proliferation of cloud, mobile and big data come each with its own security problems, and each of these trends affect the way the potential that companies approach security. The increased use of big data and cloud services means that companies need to better protect their most valuable assets and ensure that compliance protocols and apply appropriate authorization.

This expansion of the biggest security challenges also met with labor problems. In the executive suite functions such as Chief Information Security Officer (CISO) or chief security officer (CSO) they are increasing, but security itself is becoming more horizontal time in all aspects of the digital business. At the same time, the total number of jobs compared to a career in security is booming as well. According to the Bureau of Labor Statistics (BLS) data cited in the report by CompTIA, the number of messages increased by 175% from 2012 to 2015. In 2012, there were 39,920 job security compared to 109,819 in 2015, increased to 58,456 in 2014. despite this massive enrollment growth, more than half of all companies surveyed said they believed that there was a lack of capacity.

So if security is a growing problem, why are not business professionals take more seriously? According to CompTIA research, safety regarding the priority not always result in improved safety practices.

"Companies can not fully understand the nature of modern threats, the need to support the process with technology and education, or the need to proactively monitor events and building strong defenses," the report said.

In addition to this conviction that safety is already pretty good, matters such as the prioritization of other security technologies (43%) and lack of security measures (39%) are also hampering the improvement of safety.

In terms of what really help change the focus of a security organization, respondents ranked the following as the most important drivers:

1.   Change in IT operations - 51%
2.   Reports of security vulnerabilities - 46%
3.   Of internal security violation or incident - 40%
4.   The knowledge gained from the training - 39%
5.   Changing direction - 38%
6.   Focus on a new vertical market - 37%
7.   Changes in operations or customer - 37%
8.   The vulnerability of the audit - 34%

As for the discrepancy between the new security threats and needs of security companies, professionals should consider their own organizations to determine how they can reduce the gap between the reality of the security landscape and how to consider their own employees.