Global, independent, non-profit association ISACA reveals this and more in its January 2016 Cybersecurity Snapshot - a poll from its nearly 3000 members.
The top three threats that global IT and security professionals are most concerned about for their organization this year are:
- 52% Social engineering (Australia 60%)
- 40% Insider threats (Australia 33%)
- 39% Advanced persistent threats (Australia 33%)
These items outranked options frequently associated with cyberattacks, including malware (Australia 32%), unpatched systems (Australia 33%) and distributed denial-of-service attacks.
One major concern was that the cybersecurity skills gap continues to pose a significant obstacle to organizations seeking to expand their cyber workforce. 45% say that they are hiring more cybersecurity professionals in 2016, yet 94% of those hiring say it will be difficult to find skilled candidates. 60% say identifying who has adequate skills and knowledge will also be difficult.
“The aggressive increase in cyberattacks worldwide is feeding a growing chasm between demand and supply in the cybersecurity talent wars. It is also shedding light on a critical problem in our industry: identifying job candidates who are truly qualified to safeguard corporate assets in a landscape that is highly complex and constantly evolving,” said Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, international vice president of ISACA and president and COO of WhiteOps.
ISACA was the first to combine skills-based vendor-neutral cybersecurity training with performance-based exams and certifications to address the cyber talent shortage with the launch of the CSX Practitioner certification in August 2015.
Another key issue was cybersecurity legislation and the reporting of cyber-breaches.
- 63% of global IT professionals oppose giving governments backdoor access to encrypted information systems (Australia 73%)
- 59% feel that privacy is being compromised in an effort to implement stronger cybersecurity laws (Australia 60%)
There is marked scepticism about the likelihood of organizations sharing data breach information voluntarily as called for by the recently passed U.S. Cybersecurity Information Sharing Act of 2015.
- 83% favour regulation requiring companies to notify customers within 30 days of the discovery of a data breach – up 10% from 2014 (Australia 90%)
- 72% of US respondents say they are in favour of the U.S. Cybersecurity Information Sharing Act of 2015, which encourages cyber-threat information sharing between the government and the private sector. Yet, only 46% believe their own organization would do so voluntarily if it experiences a data breach.
“The Cybersecurity Snapshot shows that the professionals on the front lines of the cyber-threat battle recognize the value of information-sharing among consumers, businesses and government, but also know the challenges associated with doing so,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at INTRALOT.
“Cybersecurity has become a high-stakes, boardroom-level issue that can have crippling consequences for any C-suite executive who lacks knowledge about the issues and risks. Strong public-private collaboration and ongoing knowledge-sharing are needed to safeguard our organizations from cybercriminals,” he added.