Surge in IT Security Measures Anticipated in 2015
Survey shows employee training is a top priority for CIOs in protecting company information
Chief information officers (CIOs) are taking a multipronged approach to protecting sensitive company information, a new survey from Robert Half Technology shows. The majority of CIOs interviewed are currently taking or planning to take steps in the next 12 months to improve information technology (IT) security at their firms. The most common strategies include beefing up employee training on security issues (54 percent), vetting firms that have access to company data more closely (45 percent) and hiring more IT security professionals (41 percent).
The survey was developed and conducted by Robert Half Technology, a leading provider of IT professionals on a project and full-time basis, and includes responses from more than 2,400 CIOs from U.S. companies with 100 or more employees in 24 metropolitan areas.
CIOs were asked, "Which, if any, of the following measures is your company currently taking or planning to take within the next 12 months to enhance IT security?" Their responses:*
- Currently taking or planning to take ANY of the following measures- 85%
- Enhance employee training on security issues- 54%
- Enhance vetting of firms with access to company data- 45%
- Add IT security personnel- 41%
- Implement multifactor authentication processes- 41%
- Contract with third-party vendors or add tools to enhance security- 41%
- Currently taking other measures- 1%
- Not currently taking or planning to take any of the measures identified- 15%
* Multiple responses were allowed.
"We live in an era where information security threats are a real business risk," said John Reed, senior executive director of Robert Half Technology. "CIOs are attacking the problem from all sides, but there is a strong emphasis on employee-driven measures. Vigilant IT teams and security-savvy individuals throughout the organisation are a valuable and fundamental defense; without both, other courses of action will be less effective."
A strong organisational communications plan and sound relationships with vendors will help improve security measures, but it all begins with the team responsible for managing those efforts.
Robert Half Technology offers the top three attributes of effective security employees and what to ask them when hiring:
- Future Focused – It's important to ensure candidates will be an asset to your security efforts, bringing a broad range of experiences that will allow them to identify vulnerabilities in your network. Use this opportunity to discuss their use of proven methodologies, best practices and risk intelligence in previous roles and try to assess how they would apply them in your company. Ask candidates: "How would you create a security-conscious culture in our business?"
- Security Certifications – A well-rounded security professional will not only take steps to protect the organisation, but also to stay ahead in the industry. With so many widely recognised certifications available -- like CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) and CompTIA certifications -- it's not uncommon for candidates to have these on their resumes. While certifications show an investment and commitment to growing their knowledge base, it's important to assess applicants' real-world experience, too. Ask candidates: "How have your security certifications prepared you for this role?"
- Soft Skills – IT security professionals should have impeccable communication skills. Externally, they should be building solid relationships with firms and vendors that have access to company data or may be brought on to help with security efforts. Internally, they should be able to raise awareness to potential threats and explain security measures in a way that will help guide employee behaviors. The prevalence of bring your own device (BYOD) policies, for example, is just one of the many trends that make clear communication skills vital to ensuring companywide compliance. It's essential for security team members to build partnerships across the organisation to help increase vigilance throughout. Ask candidates: "What would be your communications approach around security, potential threats and best practices to senior leadership and employees companywide?"
Added Reed, "Successful organisations always start with good people, and talented security professionals are no exception. An effective security team will be able to institute processes, establish policies and ensure best practices are in use, resulting in the utmost safety for the business."