'Human' Issues Is Top Cybersecurity and Business Risk

Building on the conclusions of the recent groundbreaking global study finding that the cybersecurity profession is at risk, the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) revealed new cybersecurity and business risks.

An aggregate 54 percent of cybersecurity professionals surveyed admitted that their organization experienced at least one type of security event over the past year. Yet none of the top contributors to these cyberattacks and data breaches are related to cybertechnology. Rather, they point to human issues such as a lack of enough cybersecurity staff members as well as a lack of employee training and boardroom prioritization.

Further supporting this finding, 69 percent of cybersecurity professionals say the global cybersecurity skills shortage has had an impact on the organization they work for, leading to excessive workloads, inappropriate skill levels, high turnover and an acute shortage, especially in the areas of security analytics, application security and cloud security.

At a time of fluid world events, such as the U.S. presidential transition, cybersecurity professionals surveyed also send a strong message to national government: the vast majority believe that their nation’s critical infrastructure is extremely vulnerable or vulnerable to some type of significant cyberattack and want government more involved in cybersecurity strategies and defenses. Going further, they recommend specific actions government should take, leading with: providing better ways to share security information with the private sector; incentives to organizations that improve cybersecurity; and funding for cybersecurity training and education.

“There’s lots of research indicating a global cybersecurity skills shortage but there was almost nothing that looked at the associated ramifications. Based upon the two ESG/ISSA reports, we now know that beyond the personnel shortage alone, cybersecurity professionals aren’t receiving appropriate levels of training, face an increasing workload, and don’t always receive adequate support from the business,” said Jon Oltsik, Senior Principal Analyst at the Enterprise Strategy Group (ESG). “Simply stated, these findings represent an existential threat. How can we expect cybersecurity professionals to mitigate risk and stay ahead of cyberthreats when they are understaffed, underskilled, and burned-out?”

Based upon the data collected from the first global survey to capture the voice of cybersecurity professionals on the state of their profession, this final report of the two-part series, titled “Through the Eyes of Cybersecurity Professionals: Annual Research Report (Part II),” concludes:
• The clear majority (92 percent) believe that an average organization is vulnerable to some type of cyberattack or data breach.
• People and organizational issues contribute to the onslaught of security incidents.
• Most organizations are feeling the effect of the global cybersecurity skills shortage.
• Cybersecurity professionals have several suggestions to help improve the current situation.
• Sixty-two percent (62 percent) believe critical infrastructure is very vulnerable to cyberattacks.
• Sixty-six percent (66 percent) believe government cybersecurity strategy tends to be incoherent and incomplete.
• Eighty-nine percent (89 percent) of cybersecurity professionals want more help from their governments.

“The results gleaned from this research are both alarming and enlightening. Alarming in the sense that if we don’t collectively pay attention to the cries for help, we will put businesses unnecessarily at risk. Enlightening in that organizations need to be willing to invest in their cybersecurity professionals, with clearly defined career paths and skills development in order to hire and retain qualified employees,” said Candy Alexander, cybersecurity consultant and ISSA’s Chair of the Cybersecurity Career Lifecycle. “This research data will help the ISSA and other professional groups to clearly define career paths for our profession.”

The report also lays out the “Top 5 Research Implications” as a guideline for cybersecurity professionals and the organizations they work for. Added Oltsik, “Assume your organization will experience one or several cyberattacks or data breaches and take the cybersecurity skills shortage into account as part of every initiative and decision. Push for more all-inclusive cybersecurity training and, as importantly, get involved in educating and lobbying business executives and lobby government legislators alike.”

Read more: https://www.issa.org/page/issaesg_survey_P2