
News

4/16/2015
09:50 AM
Dark Reading
Products and Releases

Study: 82% of Organizations Expect a Cyberattack, Yet 35% Are Unable to Fill Open Security Jobs

Global Talent Pool Reflects Urgent Skills Shortage and Hiring Delays

Rolling Meadows, IL, USA (16 April 2015)—According to a study by ISACA and RSA Conference, 82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business. More than one in three (35 percent) are unable to fill open positions. These are the key findings of State of Cybersecurity: Implications for 2015, a study conducted by ISACA, a global leader in cybersecurity, and RSA Conference, organizers of prominent, global cybersecurity events.

Based on a global survey of 649 cybersecurity and IT managers or practitioners, the study shows that 77 percent of those polled experienced an increase in attacks in 2014 and even more (82 percent) view it as likely or very likely that their enterprise will be attacked in 2015. At the same time, these organizations are coping with a very shallow talent pool. Only 16 percent feel at least half of their applicants are qualified; 53 percent say it can take as long as six months to find a qualified candidate; and more than a third are left with job openings they cannot fill.

A portrait of the ideal cybersecurity professional emerges from this list of shortfalls: the top three attributes are a formal education, practical experience and certifications.

“The State of Cybersecurity study reveals a high-risk environment that is being made worse by the lack of skilled talent,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “ISACA is collaborating with industry and government to close this gap through resources designed specifically to meet the unique and complex requirements of the cybersecurity profession.”

As cybersecurity incidents increase, it is important to examine the surrounding issues. The collaboration between RSA Conference and ISACA explores recent issues such as hacks, attacks, flaws, security structures, budgets and policies.

“The survey findings reflect what we are seeing and hearing from our speakers and attendees,” said Fahmida Y. Rashid, editor-in-chief, RSA Conference. “The 2015 RSA Conference brings together professionals, experts and executives to share information about the latest attacks and exchange security strategies. This year’s hot topics include detecting and responding to security breaches, practical ways to consume threat intelligence, and understanding the ‘Human Element.’” 

The study reveals that organizations are experiencing attacks that are largely deliberate, and they lack confidence in the ability of their staff. The top four threat actors exploiting organizations in 2014 were cybercriminals (46 percent), non-malicious insiders (41 percent), hackers (40 percent) and malicious insiders (29 percent). Sixty-four percent are very concerned or concerned about the Internet of Things, and less than half feel their security teams are able to detect and respond to complex incidents.

Despite these gaps, this specialized area is growing in prominence within the business. The 2015 State of Cybersecurity report documents a job function that is quickly attracting increased visibility and investment:

  • 79 percent say their board of directors is concerned with cybersecurity
  • Close to a third report either to the CEO (20 percent) or to the board (11 percent)
  • 55 percent employ a chief information security officer (CISO)
  • 56 percent will spend more on cybersecurity in 2015 and 63 percent say their executive team provides appropriate funding

“If there is any silver lining to this looming crisis, it is the opportunities for college graduates and professionals seeking a career change. Cybersecurity professionals are responsible for protecting an organization’s most valuable information assets, and those who are good at it can map out a highly rewarding career path,” noted Stroud. 

RSA Conference Editor-in-Chief Fahmida Y. Rashid and ISACA International President Robert Stroud will present the results and implications of the study at the RSA Conference at 8am PT on Wednesday, 22 April, at the Moscone Center in San Francisco, California.

The State of Cybersecurity: Implications for 2015 survey is available as a free download at www.isaca.org/state-of-cybersecurity-2015. Conducted 20-29 January 2015, State of Cybersecurity: Implications for 2015 is based on online polling of 649 ISACA certification holders and RSA Conference constituents. The survey has a +/-3.8 percent margin of error at a 95 percent confidence level.

ISACA assisted the National Institute of Standards and Technology (NIST) by providing input for the US Cybersecurity Framework and launched Cybersecurity Nexus (CSX) in 2014. CSX is a global resource to help identify, develop and train a skilled cybersecurity workforce. The inaugural CSX North America conference will take place 19-21 October in Washington DC. For more information, visit www.isaca.org/cyber.

ISACA

A global association of 140,000 professionals in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking and career development for cybersecurity, IS audit, assurance, risk, privacy and governance professionals.

RSA Conference

RSA® Conference is the premier series of global events where the world talks security and leadership gathers, advances and emerges. Whether attending in the U.S., the EMEA region, or the Asia-Pacific region, RSA Conference events are where the security industry converges to discuss current and future concerns and get access to the people, content and ideas that help enable individuals and companies to win, grow and do their best. It is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential and thought-provoking thinkers and leaders in security today. For information on events, online programming and the most up-to-date news pertaining to the information security industry, visit www.rsaconference.com.

Follow ISACA on Twitter:  https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

Like ISACA on Facebook: www.facebook.com/ISACAHQ
