Not all data breaches and cyberattacks garner the same attention as Target or Home Depot. Nonetheless, these threats remain on the rise. Yet, while most companies recognize the need for increased security, the vast majority have yet to align their internal strategies and resources with the demands of the digital world.
ISACA's recent "State of Cybersecurity: Implications for 2015" report explores variables contributing to the present state of cybersecurity. Conducted in partnership with RSA Conference, researchers polled 649 cybersecurity and IT managers or practitioners to examine how hacks, attacks, organizational structures, and policies impact the average enterprise. Overall, with regard to security budget changes in 2015, 56 percent of companies expect to see an increase in spend, while 33 percent of budgets will likely remain the same, emphasizing the fact that, while most acknowledge the value of cybersecurity, few have made strides when it comes to improving their approaches.
The following statistics underscore global activities and perceptions pertaining to cybersecurity programs and the talent necessary to drive innovation forward:
- While 82 percent of respondents believe that it's 'very likely' or 'likely' that their organization will experience cyberattacks in 2015, most think hackers are motivated by financial gain (33 percent), disruption of service (24 percent), and intellectual property theft (19 percent).
- Fifty-nine percent of those polled claim their organization was not part of a cybercrime in 2014, yet 77 percent have experienced an increase in attacks compared to 2013.
- Cybercriminals (46 percent), nonmalicious insiders (41 percent), and hackers (40 percent) were the greatest threat actors exploiting enterprises in 2014, with phishing (68 percent), malware (66 percent), and hacking attempts (50 percent) representing the leading types of attacks last year.
- Though 65 percent of respondents are able to fill their open security positions, only 46 percent are comfortable with their security team's ability to detect and respond to incidents. Forty-one percent trust their teams, but only when it comes to simple issues.
- Fifty-two percent of respondents say that, on average, less than 25 percent of applicants are qualified, with most candidates lacking the ability to understand the business (72 percent) and the necessary technical skills (46 percent). Overall, 69 percent of brands require certification when filling open security positions, with 53 percent claiming it takes three to six months to find qualified candidates.
- Because 64 percent of those surveyed are 'very concerned' or 'concerned' about the Internet of Things in the workplace, 58 percent restrict access to social media. Eighty-seven percent of those polled also have their own security awareness program in place.
- While 87 percent of executive teams support security, most communicate support by enforcing security policy (71 percent), providing appropriate funding (63 percent), and mandating security awareness training (56 percent).
Key takeaway: Cyberattacks aren't going away anytime soon. In fact, these threats will likely multiply with time. Thus, as cybercriminals and hackers become increasingly sophisticated, so must enterprise security strategies. Because cybersecurity issues can put any given brand's finances and reputation at risk, leaders have no choice but to invest in both the people and the programs that will ensure safety. Unfortunately, however, today's distinct skills gap presents companies with another obstacle that may hinder the speed of progress. Therefore, as leaders search for qualified applicants that possess both the technological and communication skills necessary to bring cybersecurity initiatives to fruition, companies must also provide funding for awareness training to ensure the entire enterprise remains attuned to the signs of potential threats and attacks.