Tuesday, 22 May 2018

Cloud Security Concerns Grow as Incidents Rise

As investments in public cloud computing continue to grow, so do cloud-related security incidents. Over the past 12 months, 18 percent of organizations have experienced a cloud security incident, double the number reported in the previous 12-month period, according to a recent report.

Not surprisingly, concerns over cloud security also are rising, with more than nine out of 10 cybersecurity professionals – 91 percent, to be exact – saying they are worried about it. This, too, represents an increase from the previous polling period, when 81 percent of cybersecurity professionals expressed similar fears, and reverses a multiple-year downward trend.

The findings are part of the Crowd Research Partners’ 2018 Cloud Security Report, based on a comprehensive online survey of more than 570 cybersecurity and IT professionals, including CISOs, security analysts and IT managers.

Companies are investing in cloud infrastructure for reasons such as improved scalability, availability, business continuity and cost reduction. But as the report’s findings make clear, many of the fears regarding security that have hampered cloud adoption in the past still remain.

Plenty of Challenges


Organizations face no shortage of challenges as they rely more on cloud infrastructures for their technology needs. For one thing, they are finding that the capabilities of legacy security tools are limited in the cloud.

Only 16 percent of organizations believe traditional protection tools can properly handle security across the cloud, a 6-point drop from the previous survey. A substantial majority – 84 percent – says those solutions either do not work in cloud environments or provide only limited functionality.

The biggest security control challenges organizations are facing are visibility into infrastructure security (43 percent) and compliance (38 percent). They also are struggling with setting consistent security policies across cloud and on-premises environments (35 percent) and lament that security is not keeping up with the pace of change in applications (also 35 percent).

Respondents cited misconfiguration of cloud platforms as the biggest threat to cloud security (62 percent), followed by unauthorized access resulting from misuse of employee credentials and improper access controls (55 percent).

As for the top security challenges faced by organizations, respondents rated them in the following order:

1. Protecting against data loss and leakage - 67%
2. Threats to data privacy - 61%
3. Breaches of confidentiality - 53%

Cloud Security, ISC2 Guides, ISC2 Learning, ISC2 Certifications

Positive Signs


Despite the growing concerns regarding cloud security, the report had some positive findings, particularly in security education. For the second consecutive year, training and certification of existing IT staff ranked as the most popular path to meet evolving security needs. This is a good sign because as technology changes and threats evolve, updating the skills of cybersecurity workers is critical.

Organizations also recognize that investments in security overall are a necessity, as evidenced by the finding that nearly half of them (49 percent) expect cloud security budgets to increase. The median increase is expected to be 22 percent.

While, encouraging, these silver-lining findings are far from enough. It’s clear that as cloud investments continue to grow, more effort must be devoted to properly securing those investments to minimize threats and to boost overall confidence in the safety of cloud environments.

Saturday, 12 May 2018

What Gender Gap? Female and Male Cybersecurity Pros Have More in Common than Not

Cybersecurity, ISC2 Cybersecurity, ISC2 Tutorials and Materials, ISC2 Learning

By and large, female and male cybersecurity professionals share the same workplace values, priorities and aspirations. Both place about the same level of importance on matters such as salary and working close to home – and both apply roughly the same skills to their work and view protecting people and data as their primary function, according to recent (ISC)2 research.

In a survey of 250 cybersecurity professionals, (ISC)2 also discovered the number of men and women looking for new employment is exactly the same: 85 percent of cybersecurity workers are open to new employment opportunities, including 14 percent who are actively looking for a new job. Despite these mirror-image figures, women expressed a higher degree of satisfaction with their current employment.

Women also are happier than men with their current salaries. This finding is especially noteworthy considering separate (ISC)2 research has revealed female cybersecurity professionals earn 3 percent less than their male counterparts, despite having higher levels of education. That’s a pay disparity averaging about $5,000.

Women are substantially underrepresented in the cybersecurity workforce, accounting for only 11 percent of the profession. Gender participation in our poll of 250 professionals was two thirds men and one third women. While the study found some disparities in outlook between men and women, the gaps are never too wide. The clear overall theme is both genders have far more in common than not.

With this in mind, employers looking to recruit cybersecurity workers needn’t have a separate message for men and women since both want the same things. However, considering the underrepresentation of female workers in the field, employers and recruiters should put more effort into hiring women.

Much in Common


As noted, similarities between men and women in cybersecurity far outweigh differences. Among the similarities is outlook on salary. Getting the best pay when searching for new employment is deemed very important by 50 percent of males and 48 percent of females, and 38 percent of both genders rate it as “somewhat important.” Surprisingly, women – who on average are paid less than their male counterparts – are more satisfied than men with their current pay, with 50 percent of women saying they were very satisfied vs. 33 percent of men.

Female and male cybersecurity workers also share similar views in areas such as proximity between home and the workplace. When seeking a new job, 78 percent of men and 73 percent of women consider having the workplace near home and family as somewhat or very important.

The results also are identical when respondents are asked to rate “protecting people and data” as a priority when looking for employment. A seven-point difference – 67 percent of women vs. 60 percent of men – tilted to female respondents.

Both genders have a nearly identical outlook on how employers should evaluate them, with one exception regarding the maturity of an organization’s cybersecurity program. Among male respondents, 34 percent deemed it important vs. 22 percent of women.

As for how they feel they are currently judged and evaluated, both genders rank speed of response to a breach as the highest criterion – 46 percent for females and 37 percent for males. Men place a higher premium on influencing their organization’s leadership – 22 percent vs. 16 percent for women. Women give slightly higher importance to whether a breach is stopped – 30 percent vs. 25 percent by men.

When asked about the value cybersecurity professionals bring to employees, some slight differences emerge. For instance, men are more interested in overall strategy then women, and the reverse is true regarding cybersecurity training for both executives and rank-and-file users.

When it comes to evaluating potential employers, women are more cautious about choosing their bosses. For instance, they pay more attention to the job description and want more assurances that security is being handled properly. Men, on the other hand, are more likely to seek information about current security vulnerabilities at the prospective place of employment, although security issues don’t deter them from taking a job.

Where Women Want More


Despite all the similarities between male and female cybersecurity professionals, the research unearthed some visible differences. But even where men and women diverge, the widest gap is 22 percentage points. That gap reveals itself in answers to a question about the importance of working for a company with a strong mission that benefits society: 62 percent of women cited it as important, compared to 44 percent of men.

Women also edged out men (66 percent vs. 73 percent) on the importance they place on having their opinions taken seriously by management. This comes as no surprise, considering women are far outnumbered in the cybersecurity field and face greater obstacles in career advancement and equitable pay.

Women Are Happier


Despite the well-documented barriers to advancement and pay equity for women in cybersecurity – and the workforce overall – the (ISC)2 study revealed that female cybersecurity professionals are happier than their male colleagues. When asked about satisfaction levels at their current jobs, women outscored men in most metrics.

In addition to salary, female cybersecurity professionals expressed higher levels of satisfaction in the following areas:

◈ Strong mission to benefit society
◈ Current field or industry
◈ Working near home and family
◈ Flexible working arrangements
◈ Protecting people and their data
◈ Having their opinions taken seriously
◈ Adherence to a code of ethics
◈ Working with a cool product or service

Cybersecurity, ISC2 Cybersecurity, ISC2 Tutorials and Materials, ISC2 Learning

It’s noteworthy that women expressed higher satisfaction with having their opinions heard, considering the obstacles female workers historically have faced in IT, cybersecurity and the workplace in general.

Unbiased Recruitment


Despite the troubling issues that hold women back in the cybersecurity field, the (ISC)2 study did not reveal obvious recruitment biases. Based on the responses, recruiters contact men and women for employment at similar rates. These numbers suggest the substantial underrepresentation of women in cybersecurity isn’t for lack of recruiter interest.