Despite staffing and budgetary shortfalls, IT security managers continue to implement new security procedures and dedicate staff specifically to security. Twenty-nine percent of respondents, up 1% from last year, describe their IT security structure as a formal dedicated team. The portion of organizations that use individuals within IT to carry out security as only a secondary part of their jobs fell to 35%, down from 40% last year.
Other organizations are building an overall "culture of security." Even when a dedicated security staff exists, the job often involves educating IT and non-IT staff about security risks and needs.
"Everyone plays a role in security, and security is everyone's responsibility," says Kim Milford, information security officer at the University of Rochester. Training and awareness are critical aspects of the school's security program. Part of the university's IT security staff's work is helping employees understand their roles and responsibilities, providing guidance on risk assessment, and implementing controls.
Complex But Secure
Sometimes security managers find themselves working within complex security structures, answering to various supervisors and drawing on myriad sources of assistance. That's the situation for Tim Donahue, security manager for the U.S. Army's Distributed Learning System, which conducts online training for soldiers.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
