Trustwave Security Pressures Report: UK security professionals have “false sense of security”

Trustwave’s 2015 Security Pressures Report is based on security professionals’ perceptions of current cyber risks. These are the people who face threats on a daily basis; the pressure they feel provides a useful barometer of the current state of global cyber security.

2014 saw data breaches hit the headlines in a big way and public awareness of security issues grew correspondingly. The pressure felt in the security industry understandably increased as a result, especially in the UK: “Security pros in… the UK (55%) felt the largest increase in pressure in 2014”.

The report also found that “62% of security pros in the UK… expect security pressures to increase in 2015. Just 3% of respondents in the UK expect pressures to drop”.

In spite of this increased pressure, “70% of respondents believe their organization is safe from cyberattacks and data compromises, despite a recent Ponemon Institute study indicating that 43% of companies experienced a breach in the past year. The seemingly false sense of security is most pronounced in the UK, where 80% of security pros believe their organization is safe from threats”.

Other key findings

  • 54% of security professionals felt more pressure to secure their organisations in 2014.
  • 57% of respondents expect to experience additional pressure to secure their organisation in 2015.
  • The adoption of emerging technologies, such as Cloud and BYOD, overtook advanced security threats as the top operational pressure facing respondents.
  • Among emerging technologies, 47% of security professionals were most pressured to use or deploy Cloud services – an increase of 25% from the previous year.
  • 84% of respondents said they wanted the size of their IT security team increased.
  • 84% of respondents cited reputational or financial damage following a data breach as their biggest fear.

ISO 27001

If you’re feeling the pressure and are concerned about the security of your organisation’s information assets, the international standard ISO 27001 sets out the requirements of an enterprise-wide information security management system (ISMS) that addresses people, processes and technology.

All organisations can implement an ISMS suitable to their needs, and can achieve certification to the Standard through an independent accredited certification body, providing reassurance to stakeholders, partners and customers that international best practice is being followed.

One essential component of an ISMS is regular penetration testing to assess the vulnerabilities in your networks and applications. Penetration testing involves the simulation of a malicious attack (either from outsiders or your own staff) on your organisation’s information security arrangements. If you’re concerned about the threats you face, a penetration test will show you exactly where your weaknesses lie, enabling you to take remedial action before you’re attacked.

For more information on IT Governance’s CREST-accredited penetration testing packages, please click here.