Surge in IT Security Measures Anticipated in 2015

Survey shows employee training is a top priority for CIOs in protecting company information

Chief information officers (CIOs) are taking a multipronged approach to protecting sensitive company information, a new survey from Robert Half Technology shows. The majority of CIOs interviewed are currently taking or planning to take steps in the next 12 months to improve information technology (IT) security at their firms. The most common strategies include beefing up employee training on security issues (54 percent), vetting firms that have access to company data more closely (45 percent) and hiring more IT security professionals (41 percent).

The survey was developed and conducted by Robert Half Technology, a leading provider of IT professionals on a project and full-time basis, and includes responses from more than 2,400 CIOs from U.S. companies with 100 or more employees in 24 metropolitan areas.

CIOs were asked, “Which, if any, of the following measures is your company currently taking or planning to take within the next 12 months to enhance IT security?” Their responses:*

Currently taking or planning to take ANY of the following measures- 85%
Enhance employee training on security issues- 54%
Enhance vetting of firms with access to company data- 45%
Add IT security personnel- 41%
Implement multifactor authentication processes- 41%
Contract with third-party vendors or add tools to enhance security- 41%
Currently taking other measures- 1%
Not currently taking or planning to take any of the measures identified- 15%

* Multiple responses were allowed.

“We live in an era where information security threats are a real business risk,” said John Reed, senior executive director of Robert Half Technology. “CIOs are attacking the problem from all sides, but there is a strong emphasis on employee-driven measures. Vigilant IT teams and security-savvy individuals throughout the organisation are a valuable and fundamental defense; without both, other courses of action will be less effective.”

A strong organisational communications plan and sound relationships with vendors will help improve security measures, but it all begins with the team responsible for managing those efforts.

Robert Half Technology offers the top three attributes of effective security employees and what to ask them when hiring:

Future Focused – It’s important to ensure candidates will be an asset to your security efforts, bringing a broad range of experiences that will allow them to identify vulnerabilities in your network. Use this opportunity to discuss their use of proven methodologies, best practices and risk intelligence in previous roles and try to assess how they would apply them in your company. Ask candidates: “How would you create a security-conscious culture in our business?”
Security Certifications – A well-rounded security professional will not only take steps to protect the organisation, but also to stay ahead in the industry. With so many widely recognised certifications available — like CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) and CompTIA certifications — it’s not uncommon for candidates to have these on their resumes. While certifications show an investment and commitment to growing their knowledge base, it’s important to assess applicants’ real-world experience, too. Ask candidates: “How have your security certifications prepared you for this role?”
Soft Skills – IT security professionals should have impeccable communication skills. Externally, they should be building solid relationships with firms and vendors that have access to company data or may be brought on to help with security efforts. Internally, they should be able to raise awareness to potential threats and explain security measures in a way that will help guide employee behaviors. The prevalence of bring your own device (BYOD) policies, for example, is just one of the many trends that make clear communication skills vital to ensuring companywide compliance. It’s essential for security team members to build partnerships across the organisation to help increase vigilance throughout. Ask candidates: “What would be your communications approach around security, potential threats and best practices to senior leadership and employees companywide?”

Added Reed, “Successful organisations always start with good people, and talented security professionals are no exception. An effective security team will be able to institute processes, establish policies and ensure best practices are in use, resulting in the utmost safety for the business.”

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
zfccn	session	Zoho sets this cookie for website security when a request is sent to campaigns.

Cookie	Duration	Description
iutk	5 months 27 days	This cookie is used by Issuu analytic system to gather information regarding visitor activity on Issuu products.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_24973378_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
2d719b1dd3	session	No description
4662279173	session	No description available.
ad2d102645	session	No description available.
zabUserId	1 year	No description available.
zabVisitId	session	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zc_consent	1 year	No description available.
zc_show	1 year	No description available.
zft-sdc	9 hours	No description
zps-tgr-dts	1 year	No description
zsce91abfc07ada4f669e78cb08dd394486	30 minutes	No description

Surge in IT Security Measures Anticipated in 2015