If a security system flags up an issue in your organisation and nobody acts on it, is it even an issue? Many organisations are acting that way, according to a report from Skyhigh Networks and the Cloud Security Alliance (CSA).
The research found that security budgets continue to rise – more than half (53%) of the 220 IT and security professionals polled expect their allocations to go up in the coming year – and the myriad of tools at teams’ disposals is a growing trend, with one in five companies having more than 10 available to them. Yet almost half (30%) of those polled admit to ignoring alerts because of the frequency of ‘false positives’ – an alert which erroneously flags normal behaviour as malicious.
Part of the issue relates to a lack of IT skills, the report asserts, with respondents saying the most important new IT skill in the coming five years is incident response management. IT workers believe the best solution to a shortage of skills is training current employees, while IT executives think bringing in junior IT workers is the best way forward.
It leads to a worrying pattern; hackers staying one step ahead of organisations and teams unable to cope.
“The frequency and sophistication of cyber threats is exposing a serious lack of the relevant skills needed to maximise the full value of new technology,” said Nigel Hawthorn, chief European spokesperson at Skyhigh Networks. “Businesses are forever playing catch up with hackers who are discovering new ways of probing networks, and firms are turning to more advanced cyber security solutions to compensate.
“To resolve the skills shortage, 37% of businesses believe that hiring junior IT professionals and investing in training is the most effective way,” he added.
The research also found that while Amazon Web Services (AWS) continues to be the primary IaaS platform with 37% of respondents citing it, Microsoft Azure (28%) is closing the gap.