IT security: Businesses response to online threats

Unless business leaders have been hiding under a stone for the past two decades, they will be well aware of the risks of operating in a digital, connected world. The internet has created significant commercial opportunities for organisations, but also various challenges - particularly where data storage and management is concerned.

With so much business now taking place online, and consumers engaging with brands via the web, data volumes are increasing exponentially. Firms are gathering large amounts of sensitive information, and each data set needs to be kept safely under lock and key, out of the reach of hackers, fraudsters and web-based thieves.

The loss of data - for instance, consumer banking details or intellectual property relating to new products/services - can leave organisations badly exposed. Not only do they face a potential fine from the Information Commissioner's Office, but there is also the prospect of reputational damage. This can lead to loss of trust, and ultimately customer attrition and revenue decline.

Responding to online threats

In 2014, the IT industry faces real challenges keeping up with the criminal community, as the sophistication of viruses, malware and scams continues to increase. IT Security vendors have to react to the emergence of new threats, and also take proactive steps to predict and guard against future dangers. This ongoing war between the scammers and the IT security industry shows little sign of abating.

As new threats emerge and vendors respond with their own software and services, businesses need to consider whether their own IT security defences are fit for purpose. Many IT security solutions businesses have invested in previously may no longer be sufficient, and new lines of defence may be required. Business leaders need to consider whether they are following industry best practice, and taking the steps required to guard their systems and data.

The fact that spending on IT security software is rising suggests organisations are taking the threat seriously. They are spending more in a bid to minimise - if not eradicate - the risk of suffering online attacks and data breaches. IT analyst Gartner reports that global security software revenue totalled $19.9 billion (£11.7 billion) in 2013, up by 4.9 per cent on the year before. Ruggero Contu, research director at the firm, described this as "healthy" growth for the industry.

"Overall, the larger trend that emerged in 2013 was that of the democratisation of security threats," he stated. Mr Contu said this was driven by the "easy availability" of malicious software and infrastructure - via the underground economy - that can be used to launch advanced targeted attacks. "This ubiquity of security threats has led organisations to realise that traditional security approaches have gaps," he added. As a result, many have decided to rethink their security strategies and invest more in technology.

"With every company becoming a technology company, more organisations are now looking to leverage a multitude of data points to become more competitive," Mr Contu stated. "This desire to become more digital brings with it its own challenges, in terms of securing this data to prevent data breaches, and to protect against advanced targeted attacks."

Securing your IT future 

Organisations are increasing the amount of money they are spending on IT security, recognising the importance of safeguarding their systems and networks. But without hiring innovative technology professionals to run their IT security programmes, many will struggle to take full advantage of the technology they are acquiring.

There is much more to an IT security strategy than simply downloading the latest anti-virus software and activating a firewall. Organisations need professionals who fully understand the risk landscape and how to develop all-encompassing security policies, which can be rolled out across the business and readily understood by employees at all levels.

Business leaders recognise this fact, and this is why there is strong demand for IT security professionals in 2014 - demand which, in fact, exceeds supply. The upshot of this skills shortage is more attractive terms for professionals working in IT security jobs. Those who switch employers or attempt to negotiate with their current organisation may be able to improve their pay and benefits package in 2014.

Average salaries are increasing at way above the rate of inflation for professionals in a variety of compliance, audit, risk and security roles. The Robert Half Salary Guide for 2014 predicts that the average information security manager will earn between £65,000 and £90,500 this year, up by 4.0 per cent on 2013. The same rate of pay inflation is expected for information security officers, who should earn between £40,000 and £65,250.

Wages are also increasing for security network engineers (up by 3.5 per cent to £40,250-£56,000), security network administrators (up by 3.6 per cent to £36,750-£49,750) and security systems administrators (up 3.2 per cent to £42,000- £54,750). Senior IT auditors should earn between £55,000 and £70,250 as a national average - up by 2.9 per cent on 2013 - while salaries for IT auditors are expected to be £42,000- £62,000 - up by 2.7 per cent on last year.

Conclusion

Businesses are seemingly taking their IT security responsibilities seriously, recognising the damage that can be caused by online attacks and data breaches. By acquiring technology solutions and the skills needed to maximise their return on investment, they are taking the necessary steps to reduce risk and safeguard their commercial position.