Since 2016 the landscape of information security has changed. There have been new strains of malware developed, new phishing techniques, cyber security breaches, new developments to security and compliance as well as debates about security and privacy. With all these new developments in the IT landscape, here are six factors that IT professionals are most concerned with.
1. Cybersecurity: Recent reports found that cyberattacks/web based threats have been growing quickly over the last couple of years, and there's nothing to indicate they won't keep increasing. Even with all the advancements in cybersecurity, most professionals are aware that these advancements are not making systems and networks any more stable. They also realize that their systems can be hacked at any time as employee negligence is still the number one reason for cyber security breaches. Here are three other concerns relative to cybersecurity:
- General lack of knowledge and awareness about cyber security
- Too many versions of technology. Most companies have a combination of old/outdated software with new technologies making IT systems within organizations complex to manage
- Lack of time, money and general resources to implement a comprehensive security solution
2. Ransomware: This form of cybercrime has grown exponentially since 2015. Criminals are much more sophisticated in coding, system and network configurations, making ransomware more difficult to detect. The fear of ransomware is prompting most IT professionals to ask not if they’ll encounter a breach but when they’ll encounter an attack.
3. Data classification: Although data classification is a fairly simple concept, it is quite difficult to implement and can cost your company thousands if not done correctly. Many organizations face the fundamental problem of not having any data classification systems in place and not being able to classify what information is deemed critical for business operations on an on-going basis. Not knowing this information can be detrimental to your business operations.
4. Protecting Endpoint Devices: According to a Promisec survey 89 per cent of VPs and C-Level IT professionals are concerned about security breaches on endpoint devices, while a mere 32 per cent actually have endpoint protection in place. The reasons why endpoint device protection is such a concern is because:
- IT professionals do not know all of the endpoints within their corporate environment. They don’t have full line of sight into who owns and manages these devices, what types of work and data are on them, and how they will be protected. Without this endpoint visibility, the chance of protecting corporate data are slim to none
- There are gaps and vulnerabilities in endpoint protection (i.e. the lack of complete and regular rollouts of software patches, gaps in blocking applications, etc.)
- Up-to-date antivirus software is not sufficient to ensure proper coverage of endpoints
5. Compliance: Whether it’s the healthcare, financial or legal verticals, many industries have strict regulations on how organizations handle their business-critical data. Within the last few years, there have been enormous changes to the way data can be acceptably classified, and IT pros admit they’re not ready for these key changes due to the fact that they don’t really understand what exactly is being asked of them to comply with these ever-changing regulations.
6. Data Breaches: As data breaches continue to increase, more organizations are at risk of losing confidential consumer and corporate data. Studies have shown that less than 25 per cent of professionals are confident in their company system’s ability to mitigate the risk of security incidents. This number is frightening, as data breaches can mean you’ve lost one crucial element to your business – your customer’s faith (and most likely their business). And because cyber breaches can severely impact all areas of business, IT pros are looking for best practices, advanced compliance and signature-based security technologies.
What can you do as an IT Professional?
- Educate your staff on all the threats out there and make sure there are no gaps in process, skills, and training.
- Have current/up-to-date technology and software needed to defend against all threats.
- Leverage new/existing security controls for risk prevention.