When it comes to cybersecurity there are really two forms of confidence that need to be instilled in any organization. The first derived from being certain that an appropriate level of defense has been implemented based on the risk the organization faces. The second is that the business itself is resilient enough to bounce back from that all but inevitable data breach.
The good news is cybersecurity confidence, on the whole, appears to on the rise. A survey of 303 security professionals published this week by Scale Venture Partners, a venture capital firm, finds 78 percent of respondents say their organization is well equipped to handle cybersecurity risks, a remarkable 17 percent gain over last year. Risks that survey respondents specifically said they are most confident of being able to handle are data breaches (84%) and insider threats (83%).Good news! cybersecurity confidence is up 17% from last year, with most security professionals saying they are confident in their abilities to secure against data breaches and insider threats. Click To Tweet
Much of that increased confidence can be traced to two primary factors. The first is two-thirds of respondents (66%) say their organization has altered its processes and strategy in the last 12 months. In many cases, that means not just educating end users about how to identify and better protect sensitive data, it also means starting to embrace best DevSecOps practices to make sure applications are secure before they are developed.
The second factor is that investments in cybersecurity technologies continue to rise. Top areas of investment in the past year were cloud infrastructure (83%), network security (78%), cloud application security (75%) and data security/data loss prevention (65%). The top projected areas for increased investment in 2019 are cloud application security (60%), cloud infrastructure (58%), network security (49%) and data/security and data loss prevention (48%).Recent survey: in the past year, 2/3 businesses have increased cybersecurity investments and altered their internal processes in order to increase the security of the company.Click To Tweet
Overall, the survey finds the top three obstacles to achieving better cybersecurity to be complex, legacy data center infrastructure (53%), outdated security technologies and processes (52%) and excessive alerts (49%). But the most notable shift in cybersecurity strategy surfaced by the survey pertains to cybersecurity staffing. Only 40 percent of respondents say their organization is looking to increase cybersecurity staff, which is down from 54 percent a year ago. That shift may reflect how difficult it is to hire and retain cybersecurity staff, as well as advances in security automation platforms.
Of course, there’s always a fine line between confidence and hubris. There’s no such thing as perfect security, so no amount of training or increased reliance on automation is going to turn any organization into the digital equivalent of Fort Knox. But confidence often breeds success. As football coaching legend Vince Lombardi once noted confidence is contagious, but so too is the lack of confidence. It’s easy for cybersecurity professionals to become disenchanted given the scope of the challenges they face. But leadership is often about instilling people with a hope of success despite the odds. Employees that are convinced that nothing they do will make a difference simply won’t try. The most effective cybersecurity professionals think in terms that go well beyond processes and technologies. They provide people with a sense of control over their own cybersecurity destiny by focusing, for example, on training end users how to consistently identify suspicious emails that might be a disguised phishing attack.
Regardless of the method employed, cybersecurity professionals that engage with employees often make all the difference. Employees can’t exceed expectations that have never been set. It’s the job of the cybersecurity team to not only set those expectations but also inspire employees to first exceed them and then just as importantly, pick themselves back up when things despite all efforts still on occasion don’t turn out as well as everyone initially hoped.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.