If you are working as an IT professional, manager or director, chances are that you’re wearing many different hats. You are juggling the day-to-day priorities of your IT department, all while trying to address security challenges. And somehow, there are never enough hours in a day, are there?
Back in the day, IT pros were responsible for maintaining and updating an organization’s software and hardware. Nowadays, they are faced with a myriad of operational challenges and must secure their organization’s critical assets against security breaches and intrusions at the same time. In fact, a recent study by Frost & Sullivan revealed that a whopping 32 percent of IT professionals name security concerns as their biggest challenge.
Which security challenges are most critical for IT professionals? What should be prioritized, and what is maybe less relevant? And how can IT professionals continue to get their daily responsibilities done and secure their business at the same time?
We’ve compiled some of the biggest security challenges facing today’s IT professionals and gathered some practical recommendations for how to overcome them effectively.
Disclaimer: In this article, we focus on some of the most commonly cited security challenges that IT professionals are facing. This list is not meant to be exhaustive but is intended for guidance only. For a thorough analysis of your security challenges, gaps and overall security posture, please consult with a security expert of your choice.
It comes as no surprise that IT departments are severely understaffed. In many cases, there are no dedicated security functions within the IT function – a phenomenon that relates back to the infamous cybersecurity skills gap.
According to the Cybersecurity Jobs Report 2018-2021, the industry is facing about 3.5 million unfilled cybersecurity jobs by 2021. Although organizations may be actively recruiting security staff to join their IT teams, there may simply not be enough qualified resources out there to fill the positions.
What this means is that IT pros are constantly struggling to fill this gap, juggle priorities and use their existing team to do a security job that they may not be qualified for or, simply put, that they just don’t have the time to do.
What to do?
If you don’t have enough people to take care of your security needs, you may want to:
Another critical challenge that IT professionals are facing is the lack of expertise within their teams. IT is becoming an increasingly complex field that brings about many new technologies and concepts such as the Internet of Things (IoT), Big Data, Artificial Intelligence (AI) or the cloud – all of which must be understood in order to be leveraged for business success.
Finding skilled and experienced resources who are well versed in these new technologies is hard, and retaining these resources is even harder. According to recent research, the IT industry has become so competitive and specialized that qualified resources either demand higher salaries, or simply choose to do temporary assignments.
What to do?
When it comes to juggling priorities, all IT professionals seem to be in the same boat. They are being pulled in many different directions and are trying hard to satisfy the needs of different departments all while putting out fires when dealing with day-to-day emergencies. As the saying goes, “if you have too many priorities, you have none”.
A couple of years ago, the Harvard Business Review dug a little deeper into the importance of strategic priorities with a survey of 1,800 global executives. A total of 64% of executives reported that they have too many priorities on their plate and that these priorities often conflict. An interesting finding from this particular piece of research was that a company’s revenue actually declines as the priority list grows for an executive team. What this means for IT departments is that they are best advised to focus on a small set of priorities.
What to do?
At the beginning of each fiscal year (and at least once per quarter following that), make sure to reflect upon the successes of last year and identify areas of improvement for the next one. What’s important here is to engage your IT team and define a clear mission that you’re trying to achieve, as well as a small set of goals that you’re working towards this year. Then, discuss what type of strategies are needed to achieve these goals.
Each member of your IT team should have a defined set of goals or key performance indicators (KPIs) that are “SMART”, meaning they should be:
If your priorities are well aligned with your capabilities as well as with the overall business strategy, you have a better chance of managing your IT-related responsibilities with ease and confidence.
According to recent research, almost 65% of organizations don’t have full visibility into IT, user and third-party activity when it comes to their IT infrastructure. You can’t fix what you can’t see, and you can’t manage what you are not aware of.
Compared to other business functions such as HR, marketing or legal, the IT department is struggling to keep up with what is really happening inside its IT environment. New devices, technologies and applications add increasing complexity to the already complex IT infrastructure, which can result in operational downtime, security risks and wasted resources. Problem areas that come to mind are cloud systems and applications, user activity and behavior analysis, unstructured data and mobile devices.
What to do?
One of the most effective ways to increase your visibility of your IT environment is to have it monitored on a 24/7 basis. Of course, the ideal solution would be to properly sort through your environment and structure it in a way that follows best practices in terms of access control, user segmentation, information security as well as updates and patches, then have it monitored by an internal team of certified security specialists who will be on the lookout for potential breaches and intrusions.
Chances are, though, that neither you nor your team will have time to restructure your IT environment from scratch and monitor it on a 24/7 basis. Instead, you may want to consider partnering with an external security provider who is able to monitor, correlate and analyze your logs effectively and escalate security incidents in a timely manner. Unless you are fully confident in your own ability to monitor your environment, you may want to consider engaging a managed security service provider (MSSP).
Ideally, your MSSP should be able to evaluate your current cybersecurity posture, reveal your weaknesses and develop a clearly-defined action plan that you can implement, in addition to the usual 24/7 monitoring and incident management functionalities.
Unfortunately, there are still too many organizations that don’t fully align their IT strategy with their overarching business strategy. In fact, only 1 out of 4 Chief Information Officers (CIOs) reports that their IT team is clear about how their work relates to business goals, and 10% of CIOs state that IT doesn’t connect work with business value at all… these are some dangerous statistics!
The difference between aligned and misaligned organizations is quite clear:
Only when your IT initiatives are aligned with organizational goals will you be able to focus on what really matters to your organization, demonstrate effectiveness and justify additional funds for critical IT projects.
What to do?
Lastly, probably one of the biggest challenges that IT pros are facing is the lack of financial resources to implement and manage their IT projects effectively. Not only do IT pros struggle with too few people, too little expertise and too many priorities, they also need to worry about getting enough budget to continue their operations and allow for scalability to meet future demand.
Although global IT spending is on the rise, this does not automatically mean that IT leaders have enough money to run their departments effectively. Instead, they are frequently faced with the question “How should I be spending my IT dollars for maximum results?”.
What to do?
IT professionals don’t have it easy, that’s for sure. They struggle with a lack of resources and expertise, too many priorities and not enough budget, just to name a few.
We’ve presented some of the biggest security challenges facing today’s IT professionals and outlined some practical recommendations for how to overcome them effectively. Probably most importantly, IT leaders need to focus on their alignment with the overall business strategy.
If IT pros can demonstrate how their initiatives, projects and teams can help drive business goals and manage risk effectively along the way, then they will have a good chance of increasing their efficiencies, dealing with change and working around problem areas such as limited budgets and skill shortages.
Especially today, IT should be approached strategically and as a business enabler, not simply as a cost item. Likewise, any IT strategy that is properly aligned with the strategic direction of the business has better chances of succeeding – not only for the benefit of the company, but also for the sake of hard-working IT professionals.