In last month's edition I discussed the conflicting opinions about information security needs that often pervade organizations and how these can negatively impact the budget and resources available to address these requirements effectively. Such discord often sparks some creative thinking on the part of many savvy IT security leaders, which results in the streamlining of cybersecurity practices, technology automation and more.
But even these nimble practitioners can only be so crafty when the majority of CEOs and boards of directors don't really want to hear about the fast-growing intensity of cyber threats. According to the recently released survey, “2015 Global Megatrends in Cybersecurity,” conducted by Ponemon Institute, 78 percent of the 1,006 CIOs, CISOs and senior IT leaders responding say they hadn't briefed their boards on corporate IT security strategies in the last year. Another 66 percent of these respondents from the U.S., Europe, Middle East and North Africa say their executive leaders fail to see cybersecurity as a strategic priority.
Meanwhile, threats loom heavily on the minds of those charged with keeping critical data safe from bad actors. Zero-days and attacks on critical infrastructure are top of mind for respondents to the survey, especially when examining the projected evolution of the threat landscape over the next three years.
And, the survey results indicate, the problems confronting CISOs don't stop there. Another is the shortage of competent IT security pros. About 66 percent of those responding to the survey, which was commissioned by Raytheon, say they need more “knowledgeable and experienced cybersecurity practitioners.” Yet the necessity to find more pros armed with both business and IT security acumen is hitting at the same time that most in the IT security arena are acknowledging a soon-to-be desperate shortage of pros to hire. Combine this with a consistently high turnover rate of these pros and this challenge to build more solid and expert teams becomes even more complex.
SC Awards U.S., happening this month at the RSA Conference, strives to help here by acknowledging the indefatigable efforts of both new and seasoned IT security practitioners, as well as the rookie and long-standing product and service providers that support their risk management plans and everyday endeavors by calling out their outstanding achievements within their own organizations and their contributions to the wider information security industry. In June, the SC Awards U.K. will be doing the same for organizations and IT security leaders in Great Britain and Europe.
It's a small contribution we've been making to the industry for a number of years that enables us to draw attention to IT security and its leading players, not only within this very marketplace but also to a larger business audience. If you've never attended (or entered any of our categories), please do consider it. Every year we modify and add to the categories to reflect the current happenings in the industry. For example, some time ago we added one that acknowledges educational programs that help to funnel more expertise into this space. In the future, we're planning to call out specific students engaged in IT security/information assurance undergraduate and/or graduate studies.
Meantime, this month's SC Awards gala in California and the other, fast approaching in the U.K., certainly will show IT security pros like you some love. Survey results show y'all certainly could use some. I also welcome your suggestions on other categories we can consider adding to our SC Awards programs.