Creating IT Futures FoundationSearchContact Us Worldwide
  • Main
  • Members
  • Certification
  • Partners

Security

  1. Human Element a Major Part of Security Risk

CompTIA’s 10th Annual Information Security Trends study comes at a time of dramatic change in the IT industry. Cloud computing, mobility, and big data are altering the landscape and causing technology to be ingrained in business operations like never before. Yet security remains a high priority, even among these trendy topics. Four out of five companies place a higher priority on security today than they did two years ago, and PricewaterhouseCoopers estimates that global cybersecurity-spending hit $60 billion in 2011.

As companies take actions to address new trends in technology—such as detailed reviews of cloud provider security—they are also finding that new technology is causing end users to play a more prominent role in security schemes. End users are important because the human element is playing a larger part in security breaches. Not only does it contribute to over half of root cause of breaches, but 46% of companies also see it becoming more of a factor over the past two years. The top source of human error is end user failure to follow procedure. It is difficult for a product to adequately address this issue, so companies must consider new ways of educating their workforce. Instead of one-time training, companies should build programs that are ongoing and interactive, with metrics that track effectiveness.

Another source of error could be the IT staff. While nearly 6 out of 10 companies believe their staff has an appropriate level of expertise, companies are aware that skills gaps exist in areas such as cloud security, mobile security, and data loss prevention. These gaps can be closed with training and certification—84% of companies report a positive ROI from certifying their staff.

The IT channel can also play a role in improving the security posture for organizations. Three fourths of channel firms are involved in security in some form, with 18% offering security as a stand-alone product or service. As with other areas of technology, channel firms are looking for ways to offer security in a recurring revenue model. This could be offering cloud security products in place of traditional on-premise hardware or software, or it could be offering security as a managed service. Education for end users represents a prime opportunity here if channel firms can build effective, ongoing training programs. Addressing this important topic is also good business: 66% of channel firms involved with security expect security-related revenue to grow in the next year, with 16% expecting significant growth of 10% or greater.

CompTIA’s 10th Annual Information Security Trends study was developed from a survey of 500 end user firms and 368 channel firms in the US. The data was collected during September/October 2012.

CompTIA members can read the full report here.