LONDON: 82% of organizations expect to be cyber attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business according to a study by ISACA and RSA Conference. More than one in three is unable to fill open positions.
These are the key findings of State of Cyber security: Implications for 2015, a study conducted by ISACA, a global leader in cyber security, and RSA Conference, organizers of prominent, global cyber security events.
Based on a global survey of 649 cyber security and IT managers or practitioners, the study shows that 77 percent of those polled experienced an increase in attacks in 2014 and even more (82 percent) view it as likely or very likely that their enterprise will be attacked in 2015.
At the same time, these organizations are coping with a very shallow talent pool. Only 16 percent feel at least half of their applicants are qualified; 53 percent say it can take as long as six months to find a qualified candidate; and more than a third are left with job openings they cannot fill.
A portrait of the ideal cyber security professional emerges from this list of shortfalls: the top three attributes are a formal education, practical experience and certifications.
“The State of Cyber security study reveals a high-risk environment that is being made worse by the lack of skilled talent,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation, CA Technologies.
“ISACA is collaborating with industry and government to close this gap through resources designed specifically to meet the unique and complex requirements of the cyber security profession,” Stroud said.
“We need competent, well-trained, cyber security professionals dedicated to the job, and good IT Governance framework for effective use of these valuable assets to block a cyber attack. ISACA always championed the need of IT governance framework. With Cyber security Nexus (CSX), ISACA is now poised to narrow the gap in availability of certified cyber security professionals,” said Avinash Kadam, Advisor, ISACA India Growth Task Force.
As cyber security incidents increase, it is important to examine the surrounding issues. The collaboration between RSA Conference and ISACA explores recent issues such as hacks, attacks, flaws, security structures, budgets and policies.
The study reveals that organizations are experiencing attacks that are largely deliberate, and they lack confidence in the ability of their staff. The top four threat actors exploiting organizations in 2014 were cybercriminals (46 percent), non-malicious insiders (41 percent), hackers (40 percent) and malicious insiders (29 percent). Sixty-four percent are very concerned or concerned about the Internet of Things, and less than half feel their security teams are able to detect and respond to complex incidents
