With the pressure on to secure the digital fortifications of payment data, security professionals say they need more money, more time, and more knowledgeable staff to defend their companies, according to a survey from data-security company Trustwave.
In Trustwave's 2015 Security Pressures Report, 29% of the more than 1,000 security professionals surveyed want larger budgets, compared with 21% in 2014. Similarly, staffing needs—29% in 2015 versus 20% in 2014—and more time to focus on security—21% in 2015 and 19% in 2014—are top concerns.
In 2015, 57% expect more pressure to secure their corporate realms compared with 54% in 2014.
But with the added pressure, there appears to be a shortfall of money, time, and expertise to aid the effort, says Greg Rosenberg, a security engineer with Chicago-based Trustwave.
And that may be evidence of a disconnect between executives, who decide which data-security projects to pursue and fund, and those who put them into place, he says.
“Part of the reason for the disconnect, especially among the old guard in the payments space, is that risk had this traditional modeling, and it was very much a classical financial-risk modeling,” Rosenberg tells Digital Transactions News. “A lot of those risk-modeling behaviors don’t take into consideration what’s been happening in data security in the last 10 years.”
Specifically, that means the new risk modeling must be built on an understanding of the anatomy of attacks, Rosenberg says, and move beyond compliance with data-security standards as a cure-all. “This requires those who hold the purse strings to have a better understanding for the true risk picture today,” he says.
The survey found that 61% felt pressure this year from the upper tier of executives, up from 50% in 2014. “That’s not surprising with what’s happened in the past year,” Rosenberg says, suggesting the size and prominence of breaches are influencing chief executives. While these executives may not be allocating enough resources to complete every data-protection project on time and without overtime, it is a positive that data security is at least being discussed, Rosenberg says.