There’s no question that protecting a business from IT security threats is getting increasingly complex for companies of all sizes – particularly with the rapid adoption of innovative technologies like mobility, cloud computing, big data analysis and social collaboration. Increased concern about privacy protection, regulatory compliance and rapid globalization adds further dimensions of complexity.
It is clear that companies’ ability to succeed in these efforts is hindered by a lack of security skills and the requirement to work with tighter budgets. According to Frost and Sullivan’s 2011 (ISC)² Global Information Security Workforce Study, a lack of skills has made many cybersecurity professionals under-qualified to adequately secure organizations from threats associated with adoption of social media, cloud computing, mobile devices and software applications. The 2010 Center for Strategic & International Studies (CSIS) report called “A Human Capital Crisis in Cybersecurity” documented a need for 30,000 cybersecurity professionals in the United States, with only 1,000 positions filled.
Put simply, chief information security officers (CISOs) and chief information officers (CIOs) are trying to do more with less. In security, this can be a recipe for disaster.
Nearly 2,400 North American and European enterprise executives and technology decision-makers queried in a commissioned survey conducted by Forrester Consulting on behalf of IBM said:
- 72% battle escalating and evolving threats.
- 75% struggle to help the business make the right internal priority choices.
- 68% have little time for proactive and preventative projects due to existing responsibilities.
- 53% come up short because new resources are hard to find.
The need for industry skills is becoming ever more important, particularly for those industries facing challenges brought on by an outdated security approach. Consider the challenges utilities providers face, particularly in the management of Smart Grids. With the increased use of connected digital technology to generate, transmit, and deliver power, the industry is looking to improve cybersecurity measures and develop a new, more sophisticated approach to business management.
- IBM is calling for a new approach to Smart Grids and how electric utilities staff and manage their cybersecurity and security-related compliance missions.
- To start with this new approach, IBM is recommending a list of cybersecurity best practices, such as “security as risk management,” which taps into historical data and documented experience used to mitigate the impacts of threats such as severe storms and natural disasters to provide metrics that senior management can use to evaluate return on investment.
- And to reinforce this new approach, IBM is recommending the appointment and empowerment of a C-level security executive with enterprise-wide authority.
The right security skills are a major part of the equation. However, companies can also be more effective if they combine those skills with security intelligence tools that help their businesses stay ahead of the threats. With a skilled, trusted advisor who can help map out an appropriate security strategy based on experience, industry knowledge, and other tools such as analytics, companies can stay ahead of increasingly sophisticated threats and manage their risk-aware culture.
A great way for companies to remain prepared is to partner with the right advisor to identify potential blind spots and recommend intelligent, proactive solutions.