IDC decries ‘major’ gap between regional business, IT over cyber security
Study by research firm highlights security solutions investments lag threat landscape
Regional organisations are taking "gradual steps" to strengthen their cyber security strategy, but IT departments still struggle to be heard by decision makers when it comes to investment in effective ICT security solutions, according to a recent survey conducted by the International Data Corporation.
Sharing the findings of its "Middle East IT Security End-User Survey", IDC said regional security departments are increasingly favouring advanced solutions to shield against rogue network traffic or intrusion attempts.
Additionally, organisations have been widening training and user awareness programmes.
Some 57% of cyber-security decision-makers said "maintaining a secure environment" was the greatest challenge they had faced in 2014. Around half placed "ensuring IT performance" as their second-ranked concern.
IDC said responses strongly indicated that the security "landscape" is evolving faster than investment in IT security solutions.
The research firm distinguished regional IT managers from IT decision makers and CIOs, in their attitude to, and awareness of, growing threats. In responding to IDC's survey, IT managers warned of "the increasing sophistication of attacks", "the lack of executive management support", and "the lack of an information security strategy" in their organisations.
"There is a clear disconnect between IT decision makers and IT departments in terms of how to better manage security," said Megha Kumar, research manager for software, IDC Middle East, Africa, and Turkey. "Decision makers or CIOs see skills as the main hindrance, while IT managers state that there is a lack of support for their security solutions. Both CIOs and IT managers stated that there is a clear lack of IT security strategies. This shows that a major gap still exists between business and IT when it comes to implementing more robust and dynamic security strategies."
Major 2014 investments in the ICT security field were "firewalls, intrusion detection, and prevention" and "anti-malware and data-loss prevention", according to the survey results.
"It is worth noting that there is a growing emphasis on the deployment of next-generation firewalls that provide analytical insights on network traffic flow to better secure enterprise perimeters," Kumar said.
IDC believes an effective response to the threat landscape will consists of a mix of on-premise solutions and third-party services. As regional organisations continue to adopt third-platform technologies (cloud, social media, analytics and mobility) they will need to "constantly work on balancing both their IT priorities and security posture", the research company said.