A false sense of security still emanates from 70% of information technology teams that feel they are safe from cyberattacks, despite evidence that data breaches are a growing and ongoing threat.
In addition, 77% of IT teams at businesses throughout North America and Europe are feeling pressure from their bosses to get revenue-generating projects out the door without the tools and time needed to assure their security, according to Trustwave's 2015 Security Pressures Report, published today.
However, the companies' bosses are more mindful of security concerns. Just about half of 2013's survey respondents said they felt the most pressure about security concerns. That number rose to 61% in 2014.
Chicago-based Trustwave commissioned a research firm to survey, between December 2014 and January 2015, 1,016 full-time IT professionals who were security decision makers or influencers within their organizations. Of those surveyed, 616 were in the U.S., 202 in the U.K. and 198 in Canada. More than half worked with companies of 1,000 or more employees.
Considering about 43% of all businesses have been hit with some sort of breach over the past year, the survey's results show a disconnect in that so many IT professionals consider their employers safe from data compromises, said Greg Rosenberg, a Trustwave security engineer.
"Some are misguided or don't have the latest data, and some answer that question based on how they feel at that moment," Rosenberg said. "Part of it is job security as well. They are not going to say they feel their company is not safe, because they know they would be asked what they intend to do about it."
The mounting pressures IT teams face do not come with a corresponding rise in budget and resources.
Even though most fraud experts consider the use of weak passwords a major problem plaguing data security, only 9% of the security professionals surveyed pointed to weak passwords as something they felt pressured to resolve. Past Trustwave research indicates that easy-to-crack passwords contribute to nearly one-third of all breaches.
Of 630,000 passwords that Trustwave technicians obtained during penetration tests last year, they cracked more than half in just a few minutes and 92% within 31 days.
A corporate lack of awareness about password security is similar to a homeowner being aloof about keeping the front door locked because he knows his wallet is not in the living room, Rosenberg said.
"But it is pretty easy to go from room to room once a criminal is inside," he said. "People don't understand that the anatomy of an attack is many steps combined, and breaking weak passwords is just one of those steps to really gain access to a system or network."
When asked about emerging technologies, IT professionals said they were most concerned about adopting cloud-based systems or bring-your-own-device policies, which allow employees access to company networks through their personal equipment. Compared to 25% last year, 47% this year said they were most pressured to use or deploy the cloud.
Clearly, the IT teams want more help, as 84% said they wanted the size of their team increased.
A boost to manpower may help, but it is equally important for the IT professionals to communicate clearly with those on staff charged with data security, Rosenberg said. "Too often, the IT team is pushing to get a project out the door, while the security team is slowing it down to make sure it is secure."