According to a recent study, 82 percent of organizations expect to be attacked in 2015. However, the dangerous shortage of skilled cybersecurity professionals poses a significant risk for these businesses and customers alike, as 35 percent are unable to fill open positions.
The survey, conducted by ISACA and RSA Conference, consisted of 649 IT managers and practitioners from a variety of industries around the world. Of these respondents, 77 percent saw an increase in attacks against their company in 2014.
Meanwhile, the survey confirms that organizations are struggling to obtain qualified professionals. Survey respondents revealed it took 53% of organizations anywhere from three to six months to fill an open position, and 10 percent were unable to fill the position at all.
“The study reveals a high-risk environment that is made worse by the lack of skilled talent,” said Robert E. Stroud, international president of ISACA.
Furthermore, security professionals continue to see a skills gap, even among hired individuals.
“Survey participants overwhelmingly reported that the largest gap exists in security practitioners’ ability to understand the business,” read the report. “This is followed by technical skills and communication.”
Forty-two percent of respondents claimed they were uncertain of the abilities of their staff to detect and respond to complex incidents.
The most prolific threat actors that organizations saw exploited in their enterprise in 2014 included cybercriminals (45 percent), hackers (40 percent), non-malicious insiders (41 percent), and malicious insiders (29 percent).
Nonetheless, organizations like ISACA are working to close the gap through resources designed specifically to meet the unique requirements of the cybersecurity profession, adds Stroud.
“A silver lining to this crisis is the opportunities for college graduates and professionals seeking a career change. They are responsible for protecting an organization’s most valuable information assets, and those who are good can map out a highly rewarding career path,” said Stroud.
Additional key findings from the State of Cybersecurity: Implications for 2015 report include:
- 79 percent said their board of directors is concerned with cybersecurity
- 55 percent employ a Chief Information Security Officer (CISO)
- More than three-quarters of respondents reported having an incident response plan.
- 56 percent claim their security budget will increase in 2015.