80% of security leaders expect to be attacked this year
Four in five security leaders expect a cyber attack to hit their organisations this year, but many are unprepared to defend against emerging threats, an ISACA survey indicates.
More than half (53%) of respondents to the global information security association’s State of Cyber Security study reported a year-over-year increase in cyber attacks last year.
In addition, 78% of respondents reported experiencing malicious attacks that can impair an organisation’s operations and user data.
But many organisations are struggling to keep pace with the evolving threat environment due to a lack of resources. For example, while 62% of respondents reported experiencing ransomware last year, only 53% have a formal process in place to address it.
Fewer than one in three organisations (31%) routinely test their security controls and 13% never test them, while 16% do not have an incident response plan, the survey shows.
“There is a significant and concerning gap between the threats an organisation faces and its readiness to address those threats in a timely or effective manner,” ISACA Board Chair Dr Christos Dimitriadis said.
“Cybersecurity professionals face huge demands to secure organisational infrastructure, and teams need to be properly trained, resourced and prepared.”
On the bright side, 65% of organisations surveyed now have a chief information security officer (CISO), up from 50% last year.
But security leaders continue to report difficulties filling open cybersecurity positions, and one in four organisations have training budgets of less than US$1000 ($1335) per cybersecurity team member, limiting their ability to train talent to bridge these skills shortages.
“The rise of CISOs in organisations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign, but it’s not a cure-all,” Dimitriadis said.
“With the number of malicious attacks increasing, organisations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”