IT Security Guru

Application security still bothering professionals, who lack people to fix problems, finds (ISC)²

by The Gurus
April 16, 2015
in Editor's News

Two-thirds of (ISC)² members have said that they have too few information security professionals, despite budgets allowing for more personnel.
 
According to its bi-annual Global Information Security Workforce Study (GISWS), spending on security is increasing across the board for technology, personnel and training. However, complexity caused by threats evolving faster than vendors can advance their products led two-thirds of respondents to suggest that a new phenomenon known as “technology sprawl” is undermining effectiveness.
 
The survey of over 13,000 information security professionals and practitioners worldwide found that application vulnerabilities and malware were identified as the top security threats for the third study in a row, and that phishing is the top threat technique employed by hackers, yet the results showed a decline in the importance of awareness training.
 
Speaking to IT Security Guru, Adrian Davis, managing director for EMEA at (ISC)², said that one of the key findings was the variances between regions, which are getting smaller because of a globalisation of threat and of response. “Professionals are doing the same job and have become much more aware of the global nature of the threat,” he said. “The other thing is we are still dealing with problems with applications and developments and exploits that take advantage of those threats.”
 
Asked why application security continued to be a problem, Davis said that this was a combination of dealing with a legacy of 25/30 years of software development where security was not a problem, and not having the knowledge, skill or the software there to fix that.
 
“There is so much old software out there that we are constantly playing catch up, and secondly we have never made the case to software developers that writing good secure software is something that should be rewarded,” he said. “There are so many lines of code in any product, I doubt any one human can go through all that code and find the problem.”
 
Martin Lee, cyber crime manager at Alert Logic, said: “The demand for security personnel is increasing, yet the supply of such people is not keeping pace and we are experiencing a skills drought.
 
“As with any severe drought, we have to admit that it will not rain soon, and we will not be flooded with skilled security staff in the foreseeable future. We must take stock of the facts and adapt our behaviour according to the situation. The managed service model where skilled staff are aggregated together and shared across many different companies is the best use of a scarce resource. Not only does this model make the best use of a rare resource, but by aggregating together attack data as well as skilled staff, wider attack patterns that are only identifiable in aggregated data can be discerned, and a better level of protection can be provided.”
 
Mike Spykerman, vice president of product management at OPSWAT, said that what concerned him was that the importance of phishing awareness training in the workplace is declining.
 
“Not only is phishing the most common entry point for hackers; a large element of the success of phishing depends on human error and lack of alertness,” he said. “With clear cyber security policies in place along with regular training, the chance that phishing attempts are successful can be greatly diminished. To help companies set up their employee cyber security policies and awareness training, OPSWAT has put together a list of the Ten Things to Include in Your Employee Cyber Security Policy.”
 
 
The full 2015 GISWS can be downloaded here: https://www.isc2cares.org/IndustryResearch/GISWS/
