Security execs fret over BYOD and social; Outgunned anyway

Summary: Seventy-eight percent of security pros see bring your own device (BYOD) policies as a big security risk. The problem: Security pros are outgunned, according to a survey.

TOPICS: CXO, Mobility, Security

Security professionals are outgunned, stressed about bring your own device policies and looking for reinforcements and more people. Good luck with that.

Those takeaways sum up the Global Information Security Workforce Study (GISWS) by ISC squared, a non-profit security professional group. The study was produced in partnership with Booz Allen Hamilton and conducted by Frost & Sullivan. The survey is being released at the RSA Conference this week.

The study, based on 12,000 security pro respondents, highlighted the following:

  • 56 percent of security pros think their companies are short-staffed;
  • Hacking is the top concern for 56 percent of security professionals;
  • Hacktivism and cyber-terrorism are concerns for about the same number of executives;
  • 15 percent of companies have no idea how long it would take them to recover from an attack;
  • 78 percent of respondents see bring your own device (BYOD) policies as a big security risk;
  • 68 percent fret about social networking security;
  • And 63 percent see reputation damage as the biggest concern.




Discussion:
  • Which?

    There are several issues here.

    Yes, the CEOs at many corporations are running their companies with too few security personnel, but there is no incentive not to as they do not face any penalty for placing their corporation at risk.

    There are too few safeguards to stop hacking, viruses, etc. It's up to company security to ensure that all devices connecting to the company have the same level of security.

    There is virtually no security difference between an employee's device and the company's device. Private devices should have the same security measures as a company device. A private device should simply produce a code verifying that its security is just as up to date as the corporation's to permit logging in.
  • BYOD in hospitals

    BYOD is a big security problem, but many companies are willing to deal with it because of the potential productivity gains. User awareness is important but it is education that seems to really make the difference in making BYOD successful and secure. Our healthcare facility put a BYOD policy in place to use Tigertext for HIPAA compliant text messaging, but the doctors still used their unsecure regular text messaging. Even though we had a good BYOD policy, it wasn't enough; we had to bring each doctor in to admin for 15 minutes of training and explaining the HIPAA issues and how to use the app correctly. Now we have about 95% of the doctors in compliance. If you want employees to comply with your IT security program, you really need to educate employees about the BYOD policy and the technologies you use, whether it is an app like Tigertext or a larger MDM system.