Nearly three out of four organizations have been plagued by at least one security breach or incident in the past year, with about 60 percent of breaches categorized as serious, according to a new report released today by CompTIA. The International Trends in Cybersecurity report also reveals that organizations are altering security practices and policies due to greater reliance on cloud computing and mobile technology solutions.
More than 1,500 business and technology executives in 12 countries were surveyed. The report includes data from Australia, Brazil, Canada, Germany, India, Japan, Malaysia, Mexico, South Africa, Thailand, the United Arab Emirates and the United Kingdom. Across all countries surveyed, 73 percent of organizations said they've experienced at least one security breach or incident in the past 12 months. Self-reported security breaches were most prevalent in India (94 percent), Malaysia (89 percent), Brazil (87 percent), Mexico (87 percent) and Thailand (82 percent). Organizations in Japan (39 percent) and the United Arab Emirates (40 percent) self-reported the lowest percentages of cybersecurity incidents.
The percentage of mobile-related security incidents—such as lost devices, mobile malware and phishing attacks or staff disabling security features—was even higher: 76 percent across all 12 countries. Mobile incidents were self-reported at the highest percentages in Thailand (95 percent), India (92 percent) and Mexico (89 percent), and at the lowest percentages in Japan (60 percent), the United Arab Emirates (60 percent) and the United Kingdom (64 percent).
In 10 of 12 countries, changes in IT operations, whether due to greater reliance on mobile technology, the use of cloud-based solutions or some other factor, were listed as the top driver for altering approaches to cybersecurity.
Organizations are taking steps to assess and improve cybersecurity knowledge among their employees. Practices include new employee orientation, ongoing training programs, online courses and random security audits.
But the results so far have been mixed. Only 23 percent of organizations rate their cybersecurity education and training methods as extremely effective. Making employee training mandatory, delivering more comprehensive training more often and combining training with follow-up tests and assessments are some of the steps that would improve effectiveness, executives said.
Nearly all managers (96 percent) believe it is important to test after cybersecurity training to confirm knowledge gains. Eight in 10 indicate that professional certifications for IT workers are valuable or very valuable as a way to validate cybersecurity-related knowledge and skills.