Enterprise data security threats are becoming more sophisticated, targeted and financially damaging, making it critical for IT departments to implement sufficient security strategies and organizational policies. Many of these strategies involve improving employee knowledge regarding data protection and adopting modern security technology, yet having the the right personnel is equally as important.
One way for companies to combat the growing prevalence of cyberattacks and data breaches is to hire additional information security staff. According to a recent study by Information Shield, a provider of information security policy and data privacy practices, organizations across the enterprise and government expect to increase IT security staffing and budgets this year.
"For decades, information security specialists have been requesting ever larger budgets for their internal information security efforts, claiming that they are under-staffed," said Charles Wood, author of the report. "In response, senior management has often responded with comments like, 'Show me the numbers – how do you know we aren't spending enough?' This report provides those numbers – the numbers that allow an organization to determine how it ranks with its peers."
The study, which surveyed organizations from 34 countries, revealed information security staff accounts for about 0.5 percent of all full-time employees, an 880 percent increase compared to 1997. Furthermore, respondents expect information security staffing budgets to expand 14 percent this year, largely due to regulatory compliance concerns. Military, federal government, defense and aerospace organizations have the highest percentage of information security staff, the report said.
While hiring internal specialists can heighten security, reduce risk and help organizations meet regulatory compliance standards, many still outsource a significant portion of IT security functions. According to the survey, 60 percent of respondents said their firms outsource some information security tasks.
Whether increasing on-premise security personnel or adding external services, it has become vital for all businesses and government agencies to adopt advanced security and data protection technology. Many organizations are implementing integrated security solutions that enable them to monitor all networks, servers, computers, mobile devices and clouds from a central location in real time. In today's IT landscape, defending endpoints is not nearly enough, as protecting data and intellectual property with encryption and other data-centric solutions keeps information safe regardless of where and on what type of device it's stored.