Lack of security staff a concern for IT organisations
ISACA survey shows less than half of IT managers believe their security teams can tackle complex threats
Lack of adequately skilled security staff is a major concern for organisations, despite an expectation that cybersecurity incidents will increase, according to a survey by industry organisation ISACA.
The study found that less than half of respondents feel that their security teams are able to detect and respond to complex security incidents, while 13% were not confident of their ability to respond to simple incidents.
The State of Cybersecurity: Implications for 2015 global survey of 649 cybersecurity and IT managers or practitioners, conducted by ISACA and RSA Conference, found that 77% of organisations experienced an increase in attacks in 2014 and 82% expect to be attacked in 2015.
Despite the increased perception of risk, over a third of organisations were unable to fill security vacancies, 53% said it can take up to six months to find qualified candidates, and 16% reported that nearly half of all job candidates are not properly qualified.
Respondents also said that the biggest skills gaps in security professionals are ability to understand the business (72%), technical skills (46%) and communication skills (42%).
"The State of Cybersecurity study reveals a high-risk environment that is being made worse by the lack of skilled talent," said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. "ISACA is collaborating with industry and government to close this gap through resources designed specifically to meet the unique and complex requirements of the cybersecurity profession."
"The survey findings reflect what we are seeing and hearing from our speakers and attendees," said Fahmida Y. Rashid, editor-in-chief, RSA Conference. "The 2015 RSA Conference brings together professionals, experts and executives to share information about the latest attacks and exchange security strategies. This year's hot topics include detecting and responding to security breaches, practical ways to consume threat intelligence, and understanding the ‘Human Element.'"
The top four threat actors exploiting organisations in 2014 were cybercriminals (46%), non-malicious insiders (41%), hackers (40%) and malicious insiders (29%). Sixty-four percent are very concerned or concerned about the Internet of Things.
The report did show increased support from the business for cybersecurity functions. Seventy-nine percent of respondents say their board of directors is concerned with cybersecurity; 55% of organisations employ a chief information security officer (CISO); 565 will spend more on cybersecurity in 2015 and 63% say their executive team provides appropriate funding.
"If there is any silver lining to this looming crisis, it is the opportunities for college graduates and professionals seeking a career change. Cybersecurity professionals are responsible for protecting an organisation's most valuable information assets, and those who are good at it can map out a highly rewarding career path," noted Stroud.