HomeCyber SecurityOrganizations with Unfilled Cybersecurity Roles Suffer More Attacks

Organizations with Unfilled Cybersecurity Roles Suffer More Attacks

ISACA’s State of Cybersecurity 2020 Part 2 survey report also finds cyberattacks are increasing year over year and cybercrime is perceived to be underreported

The cybersecurity landscape is constantly evolving, and even more so during this time of disruption. According to ISACA’s State of Cybersecurity 2020 Survey Part 2 report, most respondents believe that their enterprise will be hit by a cyberattack soon—with 53 percent believing it is likely they will experience one in the next 12 months. This and other survey findings provide a powerful snapshot of what cybersecurity professionals are facing—including the types of cyberattacks, solutions, and reporting challenges—and just how much of an impact cyber teams make on the security of their organizations.

The survey, with responses from more than 2,000 respondents from over 17 industries and 102 countries, found cyberattacks are also continuing to increase, with 32 percent of respondents reporting an increase in the number of attacks relative to a year ago. However, there is a glimmer of hope—the rate at which the attacks increase is continuing to decline over time; last year, just over 39 percent of respondents answered in the same way.

Though while attacks are going up—with the top attack types reported as social engineering (15 percent), advanced persistent threat (10 percent) and ransomware and unpatched systems (9 percent each)—respondents believe that cybercrime remains underreported. Sixty-two percent of professionals believe that enterprises are failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so.

“These survey results confirm what many cybersecurity professionals have known from personal experience for some time and in particular during this health crisis—that attacks have been increasing and are likely to impact their enterprise in the near term,” says Ed Moyle, founding partner, Security Curve, and lead writer of the report. “These findings also reveal some hard truths our profession needs to face around the need for greater transparency and communication around these attacks so that practitioners can fully understand and effectively respond to the current threat landscape they are facing.”

Among the tools used in security programs for fighting these attacks are artificial intelligence (AI) and machine learning solutions, and the survey asked about these for the first time this year. While these options are available to incorporate into security solutions, only 30 percent of those surveyed use these tools as a direct part of their operations capability.

The survey also offers sobering insights into the connection between a fully staffed cybersecurity team, confidence in abilities to respond to threats, and the number of attacks that an enterprise experiences. While the number of respondents indicating they are significantly understaffed fell by seven percentage points from last year, a majority of organizations (62 percent) remain understaffed. The research found that understaffed security teams and those struggling to bring on new staff are less confident in their ability to respond to threats. Only 21 percent of “significantly understaffed” respondents report that they are completely or very confident in their organization’s ability to respond to threats, whereas those who indicated their enterprise was “appropriately staffed” have a 50 percent confidence level. The impact of lack of staff goes even further, with the research finding that enterprises struggling to fill roles on their teams experience more attacks, with the length of time it takes to hire being a factor:

  • Thirty-five percent of respondents in enterprises taking three months to hire reported an increase in attacks and 38 percent from those taking six months or more.
  • 42 percent of organizations that are unable to fill open security positions are experiencing more attacks this year

“Security controls come down to three things—people, process and technology—and this research spotlights just how essential people are to a cybersecurity team,” says Sandy Silk, CISSP, Director of IT Security Education & Consulting, Harvard University, and ISACA cybersecurity expert. “It is evident that cybersecurity hiring and retention are not just a challenge for teams—they can have a very real impact on the security of their enterprises. Cybersecurity teams need to think differently about how they search for and keep talent, including seeking candidates from non-traditional backgrounds, and diverse educational levels and experience.”

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS