Global poll reveals skepticism about data breach disclosures and anticipated hiring challenges due to cybersecurity skills gap
Close to two-thirds (63%) of global IT professionals oppose giving governments backdoor access to encrypted information systems, and similar numbers (59%) feel that privacy is being compromised in an effort to implement stronger cybersecurity laws. The survey by global IT and cybersecurity association ISACA of 2,920 members in 121 countries also reveals marked scepticism about the likelihood of organisations sharing data breach information voluntarily as called for by the recently passed U.S. Cybersecurity Information Sharing Act of 2015.
ISACA’s January 2016 Cybersecurity Snapshot shows mixed attitudes toward sharing information after a data breach. Eighty-three percent of those polled favour regulation requiring companies to notify customers within 30 days of the discovery of a data breach – a 10-point increase in little more than a year. Nearly three-quarters (72%) of US respondents say they are in favour of the U.S. Cybersecurity Information Sharing Act of 2015, which encourages cyberthreat information sharing between the government and the private sector. Yet, only 46% believe their own organisation would do so voluntarily if it experiences a data breach.
“The Cybersecurity Snapshot shows that the professionals on the front lines of the cyberthreat battle recognise the value of information-sharing among consumers, businesses and government, but also know the challenges associated with doing so,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at INTRALOT. “Cybersecurity has become a high-stakes, boardroom-level issue that can have crippling consequences for any C-suite executive who lacks knowledge about the issues and risks. Strong public-private collaboration and ongoing knowledge-sharing are needed to safeguard our organisations from cybercriminals.”
Top Three Threats for 2016
The three threats that global IT and security professionals are most concerned about for their organisation this year are:
- Social engineering (52%)
- Insider threats (40%)
- Advanced persistent threats (APT) (39%)
These items outranked options frequently associated with cyberattacks, including malware, unpatched systems and distributed denial-of-service attacks.
Cyber Skills Gap Still a Big Problem
According to the findings, the cybersecurity skills gap continues to pose a significant obstacle to organisations seeking to expand their cyber workforce. Close to half (45%) of those surveyed worldwide report that they are hiring more cybersecurity professionals in 2016, yet fully 94% of those hiring say it will be difficult to find skilled candidates. Identifying who has adequate skills and knowledge will also be difficult, say more than six in 10 survey participants.
“The aggressive increase in cyberattacks worldwide is feeding a growing chasm between demand and supply in the cybersecurity talent wars. It is also shedding light on a critical problem in our industry: identifying job candidates who are truly qualified to safeguard corporate assets in a landscape that is highly complex and constantly evolving,” said Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, international vice president of ISACA and president and COO of WhiteOps.
ISACA was the first to combine skills-based vendor-neutral cybersecurity training with performance-based exams and certifications to address the cyber talent shortage with the launch of the CSX Practitioner certification in August 2015.
To discuss these findings further, what businesses and government can do, and the latest findings of Australia’s cyber security policies and strategies, the Canberra Chapter of ISACA will be hosting a panel breakfast on Thursday, 31 March from 7.30 to 10.30am. Speakers include Dave Campbell, Director Canberra CERT Australia, Commander David McLean, Manager Cyber Crime Operations AFP, and Professor Jill Slay, Director Australian Centre for Cyber Security UNSW. For more details and to register, click on www.isaca.org/canberra-breakfast
New Report Added to Cybersecurity Legislation Watch
To help organisations understand the implications of the new U.S. legislation, ISACA today added a new report to its Cybersecurity Legislation Watch centre, part of Cybersecurity Nexus (CSX). The report, US Enacts Cybersecurity Information Sharing Legislation, analyses the Cybersecurity Act of 2015 (P. L. 114-113), which was recently passed by the US Congress and signed by President Barack Obama. The report includes a look at the background of the act, its expected impact on business and criticisms from privacy advocates. To view the special report, visit www.isaca.org/cybersecurity-legislation.
ISACA launched Cybersecurity Nexus (CSX) in 2014 to help address a growing worldwide cybersecurity skills crisis. CSX is a central location of cybersecurity research, guidance, certificates and certifications, education, mentoring and community. ISACA recently introduced skills-based training with performance-based exams and CSX certifications to help professionals build and evolve their careers in cybersecurity. Last year marked the successful debut to a sold-out crowd of the North America CSX 2015 Conference, dedicated specifically to cybersecurity. In 2016 ISACA is expanding the cybersecurity event to Europe and Asia.
ISACA (www.isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial