BYOD, Cloud Have Placed a Premium on IT Security, Study Says

Booz Allen Hamilton and Frost & Sullivan released a market study that revealed how BYOD, cloud adoption, social media, and software development have bolstered the demand for IT security professionals. Dubbed as The 2013 (ISC)² Global Information Security Workforce Study and sponsored by the International Information Systems Security Certification Consortium Inc., the report showed that the positive trend is not going to dwindle in the near future.

“For those who have chosen a career in information security, it is a rewarding profession both intellectually and financially,” wrote Michael P. Suby, vice president of research at Frost & Sullivan. “While skill and knowledge building must never slow down — attackers, hackers, and other cyber threat actors certainly will not — information security professionals must also translate their risk management expertise into organization-wide leadership.”

12,396 information security professionals across different industry verticals in many parts of the world served as respondents for the survey. The study’s significant findings include the following:

• Secure software development is the discipline where the widest “gap between risk and response attention by the information security profession” occurs.
• Vulnerabilities in applications represent the topmost security issue. Malware and concerns about mobile devices follow closely. Reducing security risks posed by the aforementioned three, alongside those brought in by other security issues, is the foremost priority of an IT security pro.
• BYOD and cloud computing, in particular, have high underlying security risks.
• The IT security profession is a stable one. Eighty percent of respondents surveyed said that they did not change their employer or employment in the previous year. Moreover, during the next five years, the number of professionals is expected to grow over 11 percent yearly.
• There is a continual shortage of information security professionals. Fifty-six percent of respondents surveyed said that there is a workforce shortage. Only two percent said that there is a surplus of IT security workers.
• Information security professionals are more adept at infrastructure security than security involving hardware and software products.
• The level of preparedness for security incidents needs work. Twenty-eight percent of respondents surveyed believed that their organizations can recover from a targeted attack in the course of one day. But twice as many admitted that their organizations are less prepared to handle security incidents today than in 2011.

“Members of other functional areas in the organization will view information security as an optional responsibility and be equally, if not more, cavalier in their adherence to security policies,” continued Suby. “Therefore, it is incumbent upon information security professionals to demonstrate security consciousness, and openly and freely engage with members of other departments to show how security is best when practiced together.” (KOM) Link. Link.