The cloud and Internet of Things may excite the payments and technology industries, but they are a source of mounting pressure for in-house data security professionals.
Forty-seven percent of more than 1,400 in-house security professionals questioned in a Trustwave survey late last year said they were under the most pressure to adopt and deploy cloud technology quickly, while 17% cited the Internet of Things, a concept for an environment in which mobile devices, wearables and appliances are all Web-connected.
But each new connection to a device or to the cloud is a new opportunity for fraudsters to wreak havoc.
"It's an example of this growing attack surface," said Dan Kaplan, a Trustwave researcher and author of the annual Security Pressures Report.
The Internet of Things carries much confusion with it in these early stages, but "the potential around it is massive" and it puts tremendous pressure on security workers, he added.
"Much like mobile devices and the cloud, the network-connected technologies are there for continuity and benefit, but it will be riddled with vulnerabilities," Kaplan said.
Data security professionals also face mounting pressure to get new security tools in place to combat the persistent onslaught of cyber-attacks.
Sixty-three percent said they felt more pressure overall in 2015 than the previous year, an increase over the 54% in 2014. Pressures are likely to mount as well, with 65% predicting it will increase during 2016.
Many are troubled by the shortage of security expertise available to thwart attacks on payment data and personal credentials, with 14% citing it as the biggest threat, up from only 5% the previous year.
"In a lot of cases, organizations lack the resources and skills to do their security at a level that they need to," Kaplan said.
Many need the help of security experts to avoid falling behind the fast pace of information technology, Kaplan added.
"IT departments want to concentrate on revenue-generating projects, and that's what they should be doing," Kaplan said. "They don't want to just throw bodies at a [security] problem, they want to partner with a third-party provider that can help them."
Forty percent of respondents feel the most pressure in relation to their security program either directly before or after a company board meeting, while pressures to select security technologies with all of the latest features jumped to 74% from 67% the previous year.
Many companies have a desire to buy the latest and greatest security technology, but a third of the security professionals say they find out later they don't have the resources to properly use those technologies, Kaplan said. "We call that a shelfware problem, where the new technology sites on a shelf, gathering dust."
While security officials continue to fear the theft of customer data and intellectual property, the ability of criminals to disable a corporate website is the biggest rising fear for 13% of respondents, up from 7% the year before.
Mounting pressure too often equates to companies not being entirely prepared to combat cyber criminals.
"Companies generally are slow to react, but we are starting to see a transition toward fraud detection," Kaplan said. Security teams need to be equipped and prepared to detect attackers before they can get into the network, he added.
"You want to keep the criminals away from the good stuff, whether it is at the point of sale or in a database," Kaplan said.