
1/21/2015
01:00 PM
Dark Reading

As State of the Union Tackles Cybersecurity, New ISACA Survey Shows 86% See a Cybersecurity Skills Shortage

Rolling Meadows, IL, USA (January 20, 2015)—A new global survey of more than 3,400 members of IT association ISACA shows that close to half (46 percent) of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today. Yet an alarming 86 percent say there is a global shortage of skilled cybersecurity professionals and only 38 percent feel prepared to fend off a sophisticated attack. The 2015 Global Cybersecurity Status Report survey was conducted just one week before US President Barack Obama’s State of the Union address, which will discuss a range of actions to reduce cyberthreats and data privacy risks.

“ISACA supports increased discussion and activity to address escalating high-profile cyberattacks on organizations worldwide,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “As Washington calls for action, we hope they take a clear and straight-forward approach, working in close coordination with industry. Cybersecurity is everyone’s business, and creating a workforce trained to prevent and respond to today’s sophisticated attacks is a critical priority.”

The 2015 Global Cybersecurity Status Report, conducted January 13-15, 2015, is based on online polling of 3,439 ISACA members in 129 countries, including 1,211 members in the US. The survey has +/- 1.7 percent margin of error at a 95 percent confidence level.

Support for Proposed 30-day Breach Notification Law

Survey results show that 76 percent agree or strongly agree with President Obama’s proposed federal law requiring companies to notify consumers of a data breach within 30 days. When asked about obstacles to timely notification, respondents ranked company concern about corporate reputation first (55 percent), followed by inadequate system design (15 percent), increased cost (13 percent) and insufficient staffing (10 percent).

Data breaches at a series of well-known retailers in 2014 made the issue of data security highly visible to consumers and highlighted the struggles that companies face in keeping data safe. Finding and retaining skilled cybersecurity employees is one of those challenges. In fact, 92 percent of ISACA’s survey respondents whose organizations will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates.

“As the world grapples simultaneously with escalating cyberattacks and a growing skills shortage, ISACA believes that it is absolutely essential to develop and train a robust cybersecurity workforce. That is why we launched the Cybersecurity Nexus (CSX) in 2014. We take very seriously our role in addressing the skills gap through skills-based credentials, training, guidance and mentoring programs,” noted Stroud.

ISACA is a global leader in cybersecurity. The association assisted the National Institute of Standards and Technology (NIST) in the development of the U.S. Cybersecurity Framework, and ISACA’s Cybersecurity Nexus (CSX) is one of the first and most comprehensive resources to support security professionals at every level of their careers.

In late 2014, ISACA launched the Cybersecurity Fundamentals Certificate, designed for university students and recent graduates, entry-level security professionals, and those seeking a career change. The certificate addresses the global skills shortage by helping organizations quickly identify candidates with a foundational level of cybersecurity knowledge, while helping the most qualified job seekers distinguish themselves.

In October 2015, ISACA will host the first CSX conference in Washington DC to bring together global thought leaders in cybersecurity.

For additional survey results, graphics and insights from cybersecurity experts, visit www.isaca.org/cybersecurityreport. To learn about the credentials, guidance and resources offered in ISACA’s CSX, visit www.isaca.org/cyber.

About ISACA

With more than 115,000 constituents in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity and information systems audit, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT®, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.

Follow ISACA on Twitter: https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Contact:

Kristen Kessinger, +1.847.660.5512, [email protected]

Joanne Duffer, +1.847.660.5564, [email protected]

Rachel Acevedo, +1.847.660.5617, [email protected]

Cybersecurity Nexus Newsroom: www.isaca.org/cybersecurity-news

 
