Many IT security teams found themselves in a difficult position as 2014 came to a close. They were already dealing with the fallout from major security breaches that hit large companies like Target and JPMorgan Chase. Then word came of the Sony hack, and suddenly security was once again in the spotlight, right about when budgets were set to be finalized for 2015. If one thing became clear from these most recent security breaches, it was that many organizations did not have adequate measures to handle the security challenges of today. Luckily, companies appear to be waking up to this fact and planning accordingly. A survey of IT executives conducted by Computerworld shows that 43 percent of them expected an increase in their IT budgets, while 45 percent expected their budgets to remain the same. With these budgets in hand, IT security teams can determine where best to spend the money. A close look at several surveys and reports shows where they will focus on for the next year in response to the latest round of security breach incidents.
Free Cyber Security Training! Join the revolution today!
One problem area that has hit IT departments hard in recent years is the equipment they currently have not being up to task. Many of the correct processes and procedures are in place, but with the constantly changing tactics of cyber attackers presenting new challenges seemingly every day, equipment that’s only a few years old may not have what it takes to prevent attacks. That’s why many CIOs surveyed by Piper Jaffray will be using their budgets to upgrade their technology, particularly when it comes to network security gear. For example, many companies will be looking to replace their legacy firewalls with those considered next generation. The new firewalls come with advanced threat detection software and give organizations more control over their applications. This is turn can improve the security measures of a company considerably while protecting the network perimeter.
Another focus for IT security teams stems from the ongoing adoption of bring your own device (BYOD) policies in the workplace. As more employees bring their mobile devices into the office, the larger the number of security threats becomes. For that reason, IT departments are expected to spend much more on endpoint security. In the same Piper Jaffray survey, around 78 percent of CIOs said that endpoint security was a top priority for their organization. This renewed focus, much like that seen with network security, would emphasize technology used to detect and prevent cyber attacks. The need for endpoint security has become so great that many companies that specialize in network security platforms are also adding features that focus on mobile devices.
Another priority being adopted by IT security teams has little to do with the actual technology being used. Instead, the focus is on educating employees about the numerous security risks that threaten their organizations. A report from CloudEntr shows just how big of a priority employee education is; around 90 percent of IT professionals said their 2015 security plans included educating their employees, particularly when it comes to cloud security. Some of these plans require frequent training meetings wherein workers are taught about the latest security threats and instructed about what to do when confronted by the most common hacker tactics like social engineering. Employees often represent the weakest link in the security chain, and with so many working on mobile devices and using applications through the cloud, the need to inform them of their role in preventing future attacks is bigger than ever.
After news of major security breaches reached the headlines in 2014, many businesses had to pause for self-reflection as they analyzed their own security practices. As the last year has shown, even the mega corporations can be vulnerable to a determined hacking attempt. Based on the findings of IT security surveys and studies, it’s clear that organizations have started to take the security threats more seriously. As businesses upgrade their equipment, place a greater emphasis on endpoint security, and educate their employees, they’ll be more prepared to deal with modern security challenges. It appears that IT security teams are placing their priorities in the right place, but time will tell if their efforts will pay off in the end.
By Rick Delgado | @ricknotdelgado
Bio: Rick is blessed to have a successful career and has recently taken a step back to pursue his passion for writing. He loves to write about new technologies and how they can help us and our planet in particular. Rick occasionally writes for several tech companies, including Dell. His articles are always industry-neutral.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.