The bulk of security teams face a relentless uphill battle when it comes to dealing with security risks and are sorely lacking when it comes to tracking, measuring and maintaining data access, according to new research.
The majority of those interviewed in a survey published today, “The Buried Truth: State of Security Information and Even Management Processes,” carried out by security firm Sensage, found that security professionals are having a rough go of it these days. It’s the third time the California-based firm has polled the industry but the first in which the survey’s results have marked such a downward slide for its respondents.
This downward trend was clear after Sensage analyzed what it’s referring to as security’s “bad mood.” After taking respondents’ optimism and other factors into account, the firm notes the mood is likely reflective of increasingly complex threats and a decrease in confidence. The mood continues to trend downward when looking at the last three years of responses.
“By 2012, proactive teams were starting to do the heavy-lifting needed to absorb and analyze data across more systems, processes and people than they considered doing in the past,” one part of the survey reads.
That “heavy lifting” refers to the need for better coordination, compliance reporting, incident response and data access.
Fully 79 percent of the survey’s respondents claimed they need better, faster data access and analysis – a big jump from last year, when only 57 percent of security teams claimed they wanted more trustworthy data.
When it comes to tracking improvement, security teams continue to be at a loss. A mere five percent of those who answered the survey felt like they had a “consistent and adequately staffed process improvement program.” Those numbers weren’t great to start with; the statistics are down from a measly 18 percent in 2010. Conversely, only 40 percent of respondents asserted that their security teams maintained consistent process improvement, down from 65 percent last year.
Overall, 96 percent of those who answered claimed their teams either had no process improvement, inconsistent process or understaffed process.
Some of these security teams aren’t entirely equipped to handle problems that come their way. Seventy-eight percent of security practitioners who responded claimed they were under less than ideal circumstances when it comes to dealing with security risks.
Less than a quarter, 22 percent, said they were “very effective” when tackling security risks.