IT managers have a lot on their minds right now. Here are the top three concerns keeping most IT pros up at night, according to one recent survey.
No surprise here in a poll of 272 IT managers from EiQ Networks: Tech leaders worried about protecting their organization’s data.
Specifically, those IT managers are worried about keeping users’ mistakes from leaving data open to hackers, and finding and fixing attacks when they do happen.
Here are the top concerns IT pros are facing — and some advice on how technology decision makers can make their own lives a little easier:
One of the top challenges preventing organizations from improving their IT security defenses: They don’t have enough security people on staff. Just 23% of the IT managers surveyed said they have an adequate number of IT security pros in the department.
The figure echos the findings of other recent research showing that security professionals are in high demand right now. One report from Semper Security found that demand for security pros has grown 3.5 times faster than for other kinds of IT professionals.
In other words, hiring those employees could get expensive. But the good news for organizations is that money isn’t the most important thing for those employees, and organizations can find ways to attract and retain them even when budgets are tight.
Semper Security surveyed 500 cyber security workers in 40 different industries, including health care. Among those respondents:
- 56% said interesting, challenging work was a top factor that would attract them to a job
- 47% listed a flexible work environment as a top benefit
- 44% said a reputation for integrity is a key factor in what makes for an ideal employer
- 29% want training and career development opportunities from their employers
- 25% of security pros said they care most about the technology they work with, and
- 22% said they want their next career step to be a job that offers more difficult challenges.
Companies can also take advantage of opportunities to train their current staff members to boost the security skills of the IT pros that are already in the organization.
Just 27% of the respondents in EiQ Networks’ survey said their IT security team has the experience and expertise it needs to handle the threats the organization faces. More than half (57%) said the staff had just some of the necessary skills.
While hiring from outside is one way to bring those skills into the organization, training current employees is often a more effective strategy.
One quarter of IT pros said they aren’t sure how long it would take their team to find the root cause of a data breach. Another 6% said it would take longer than a month, while 23% said within a month but longer than a week.
That’s problematic because it means when a breach occurs, the attackers could have access to the organization’s data for a long time.
The best way to improve is to start proactively monitoring for signs of breaches. Many organizations don’t discover breaches because they aren’t looking for them. Experts recommend IT departments monitor logs and network traffic to find suspicious activity or data being sent to unknown places.
Organizations can use technology to automate that monitoring. But once that technology is implemented, it’s important that it’s used properly.
Best bet: Choose the most likely entry points attackers might use to get to sensitive data and monitor those connections.
Also, different monitoring tools should be integrated into a single system. Many organizations make the mistake of different teams having responsibility for the security of their own sectors, and not having that data correlated could cause delays in detecting breaches.
The company’s users
While IT pros say they’re most worried about attacks by external hackers, much of the fault for those breaches lies with the company’s own employees, according to the survey respondents.
“Misuse by employees” was the top risk respondents said their companies face, cited by 17% of IT pros. Much of the risk has to do with users’ mobile devices, as more than half (52%) of IT pros said than less than a quarter of mobile devices are monitored, while another 29% weren’t sure what monitoring was being done.
In addition, offering effective IT security training can lessen the risks that users expose the company to.
For more info, see EiQ’s infographic: