1.
CompTIA
Member
Services,
LLC
IT
Security
Still
a
Critical
Area
After
a
Decade
of
Study
CompTIA’s
10th
Annual
Information
Security
Trends
study
comes
at
a
time
of
dramatic
change
in
the
IT
industry.
Cloud
computing,
mobility,
and
big
data
are
altering
the
landscape
and
causing
technology
to
be
ingrained
in
business
operations
like
never
before.
Yet
security
remains
a
high
priority,
even
among
these
trendy
topics.
Four
out
of
five
companies
place
a
higher
priority
on
security
today
than
they
did
two
years
ago,
and
PricewaterhouseCoopers
estimates
that
global
cybersecurity
spending
hit
$60
billion
in
2011.
As
companies
take
actions
to
address
new
trends
in
technology—such
as
detailed
reviews
of
cloud
provider
security—they
are
also
finding
that
new
technology
is
causing
end
users
to
play
a
more
prominent
role
in
security
schemes.
End
users
are
important
because
the
human
element
is
playing
a
larger
part
in
security
breaches.
Not
only
does
it
contribute
to
over
half
of
root
cause
of
breaches,
but
46%
of
companies
also
see
it
becoming
more
of
a
factor
over
the
past
two
years.
The
top
source
of
human
error
is
end
user
failure
to
follow
procedure.
It
is
difficult
for
a
product
to
adequately
address
this
issue,
so
companies
must
consider
new
ways
of
educating
their
workforce.
Instead
of
one-‐time
training,
companies
should
build
programs
that
are
ongoing
and
interactive,
with
metrics
that
track
effectiveness.
Another
source
of
error
could
be
the
IT
staff.
While
nearly
6
out
of
10
companies
believe
their
staff
has
an
appropriate
level
of
expertise,
companies
are
aware
that
skills
gaps
exist
in
areas
such
as
cloud
security,
mobile
security,
and
data
loss
prevention.
These
gaps
can
be
closed
with
training
and
certification—84%
of
companies
report
a
positive
ROI
from
certifying
their
staff.
The
IT
channel
can
also
play
a
role
in
improving
the
security
posture
for
organizations.
Three
fourths
of
channel
firms
are
involved
in
security
in
some
form,
with
18%
offering
security
as
a
stand-‐alone
product
or
service.
As
with
other
areas
of
technology,
channel
firms
are
looking
for
ways
to
offer
security
in
a
recurring
revenue
model.
This
could
be
offering
cloud
security
products
in
place
of
traditional
on-‐
premise
hardware
or
software,
or
it
could
be
offering
security
as
a
managed
service.
Education
for
end
users
represents
a
prime
opportunity
here
if
channel
firms
can
build
effective,
ongoing
training
programs.
Addressing
this
important
topic
is
also
good
business:
66%
of
channel
firms
involved
with
security
expect
security-‐related
revenue
to
grow
in
the
next
year,
with
16%
expecting
significant
growth
of
10%
or
greater.
CompTIA’s
10th
Annual
Information
Security
Trends
study
was
developed
from
a
survey
of
500
end
user
firms
and
368
channel
firms
in
the
US.
The
data
was
collected
during
September/October
2012.
The
full
report
is
available
at
no
cost
to
CompTIA
members.
Visit
www.comptia.org/research
or
contact
research@comptia.org
for
details.
Human&Element&a&Major&Part&of&Security&Risk&
Factors(in(
Security(Breaches(
54%(
46%(
Human(
Error(
Technology(
Error(
Top(Human(Error(Sources(
(
49% &End&user&failure&to&follow&
&policies&and&procedures&
(
36%& &IT&staff&failure&to&follow&
&policies&and&procedures&
&
34%& &General&carelessness&
®arding&security&
&
34% &Lack&of&security&experBse&
&with&website/applicaBons(
Source:&CompTIA’s&10th%Annual%Informa0on%Security%Trends%study&
Base:&308&end&users&experiencing&security&breaches&