Security professionals can sometimes find themselves caught up in dilemmas. On one hand, processes and procedures are put in place to ensure the security of systems whilst maintaining accountability; on the other, these very same principles can become barriers at times when getting the job done is imperative.
This can put a professional in a tough spot: adhering to the principles and ethics of information security is desired, but these principles can be overridden where job security, promotion or fear come into play.
In this report, we asked 1107 security professionals to share their views and experiences. The key findings of the study were:
- 20% of respondents have witnessed a company hide or cover up a breach.
- Over half of security professionals utilize hacker forums or associate with black hats to keep abreast of the latest threats and technologies.
- Most believe the CISO (chief information security officer) should be ultimately accountable for a breach.
- Security breaches are used as leverage to increase security budgets.
Many companies are realizing that being breached or suffering an incident is part of the cost of doing business. However, when the inevitable does occur, security teams still find themselves under considerable pressure, which can contribute to breaches being hidden or vulnerabilities ignored.
The report provides a glimpse into the struggles of professionals working in a very young industry that has been thrust into the forefront of business, politics and media.