Two-thirds of IT pros oppose government backdoor access
ISACA survey shows 63% against allowing government access to encrypted systems
Nearly two-thirds of IT professionals are against governments having ‘backdoor' access into communications and IT systems, according to a survey by ISACA.
The IT association conducted a survey of 2,920 of its members in 121 countries, and found that 63% oppose giving governments backdoor access to encrypted information systems, and while 59% feel that privacy is being compromised in an effort to implement stronger cybersecurity laws.
Over half of respondents to the January 2016 Cybersecurity Snapshot survey said that they did not believe their own organisation would voluntarily share information if they had suffered a data breach. Eighty-three percent of those polled favour regulation requiring companies to notify customers within 30 days of the discovery of a data breach - a 10-point increase in little more than a year. Nearly three-quarters (72%) of US respondents say they are in favour of the US Cybersecurity Information Sharing Act of 2015, which encourages cyber-threat information sharing between the government and the private sector.
"The Cybersecurity Snapshot shows that the professionals on the front lines of the cyberthreat battle recognize the value of information-sharing among consumers, businesses and government, but also know the challenges associated with doing so," said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at INTRALOT. "Cybersecurity has become a high-stakes, boardroom-level issue that can have crippling consequences for any C-suite executive who lacks knowledge about the issues and risks. Strong public-private collaboration and ongoing knowledge-sharing are needed to safeguard our organisations from cybercriminals."
The survey identified the top three threats to IT security in 2016 as social engineering (52%), insider threats (40%) and advanced persistent threats (APT) (39%). These items outranked options frequently associated with cyberattacks, including malware, unpatched systems and distributed denial-of-service attacks.
According to survey respondents, the cybersecurity skills gap continues to pose a significant obstacle to organisations seeking to expand their cyber workforce. Close to half (45%) of those surveyed worldwide report that they are hiring more cybersecurity professionals in 2016, yet fully 94% of those hiring say it will be difficult to find skilled candidates. Identifying who has adequate skills and knowledge will also be difficult, say more than six in 10 survey participants.
"The aggressive increase in cyberattacks worldwide is feeding a growing chasm between demand and supply in the cybersecurity talent wars. It is also shedding light on a critical problem in our industry: identifying job candidates who are truly qualified to safeguard corporate assets in a landscape that is highly complex and constantly evolving," said Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, international vice president of ISACA and president and COO of WhiteOps.
ISACA was the first to combine skills-based vendor-neutral cybersecurity training with performance-based exams and certifications to address the cyber talent shortage with the launch the CSX Practitioner certification in August 2015.