Half of all information security departments in the US are now smaller than they were as a result of the downturn, but professionals do not expect the situation to get any worse during the rest of the year.
As many as 72% of over 2,500 information security professionals polled for a survey say their budgets were reduced in the past six months due to the economic downturn, but over half said they did not expect any additional cuts for the remainder of the year.
According to the ISC2 not-for-profit security group, roughly half of survey respondents had experienced at least one lay-off in the past few months, but 43% said they were looking to hire additional information security staff this year.
It appears that among American organisations, the skills that are most needed are in information risk management, operations security, access control and applications and systems development security. If this suggests US security teams are on top of web threats, another survey of security professionals has revealed that European IT managers are less confident than their US counterparts in their ability to mitigate malicious web threat exposure
In a survey commissioned by Blue Coat Systems of more than 600 network managers in Europe and the US, some 18% of US respondents claimed that malicious attacks had made an impact on their network in spite of the fact that web threats have increased by a factor of five between 2007 and 2008. In contrast, in the UK as many as 34% admitted malicious threats had made a significant or very significant impact.
One common view among a majority 56% of network managers both in the UK and the US was that there is a lack of confidence among security teams that they know for certain what applications are running on their networks.
“This fundamental lack of application-level visibility points to an inability to recognise malicious or non-business, recreational applications as well as an inability to identify those that are critical to the business,” said Blue Coat.
Many respondents believe that the advent of SOA and Web 2.0 applications made it more difficult to separate out whether application traffic is important, unimportant or malicious.
Europeans believed that a greater portion of corporate bandwidth was being used for non-business and recreational usage, than their US counterparts. This was the case for 46% of UK respondents compared with only 16% of US respondents.