Application security vulnerabilities ranked the highest among security concerns, a trend identified in the 2011 survey, Taylor said. A shortage of software development professionals trained in security and secure software development processes is a significant issue, she added.
"There's a real need for more software engineers knowledgeable in secure application, product and platform design," Taylor said.
Threats from malware infections, the loss of control and visibility of data in the cloud, social networking ills and the BYOD trend also were identified as top issues of concern. BYOD technology was cited as a significant security risk by 78 percent of respondents, and 74 percent reported that new security skills are required to address BYOD issues. Sixty-eight percent of those surveyed said social media is a continued security concern as well.
The migration to cloud platforms and infrastructure and the steady adoption of Software-as-a-Service are also causing some anxiety, (ISC)2 said. Forty-nine percent of respondents named cloud-based services as either a top or high security concern in the 2013 survey, a 6 percent increase since 2011. Increased adoption of cloud-based services over the two-year period may have contributed to the increasing security concerns, the report found.
(ISC)2 said it believes there continues to be "considerable ambiguity regarding cloud-related risks," with 89 percent of survey respondents seeking security professionals with a sense of how security applies to the cloud. Seventy-eight percent of those surveyed said talented security pros with an understanding of cloud security guidelines and reference architectures are being sought. Security pros also need knowledge of compliance issues, technical knowledge and an understanding of how contractual obligations and requirements are related to security.
"A thorough understanding of each potential cloud service provider would be required to adequately assess risk across providers," the report said. "With cloud services providers not bound by industry standards or regulations with regard to security practices and procedures, general understanding of potential cloud risks would be incomplete in assessing risk."