ISACA Study Addresses Global Cybersecurity Challenges
A leading principle of addiction recovery programs is that you can't fix a problem until you acknowledge that it exists. Business, government, and organizational leaders have been getting regular reminders of the exploitable nature of current cybersecurity technology for several years in a row now.
According to a new study released last week by cybersecurity and governance association ISACA, the message is finally getting through. The problem still exists, and may get worse before it gets better, but awareness and understanding of the challenges that must be overcome is growing.
Wanted: Skilled Personnel
It's been observed over and over again that there aren't enough skilled cybersecurity professionals to go around. ISACA's State of Cybersecurity 2018 report reaffirms the shortage. Almost 60 percent of organizations have open security jobs, and 54 percent say that it takes three months or longer to fill such jobs.
Those numbers are bad, but show gradual improvement from 2017, when 62 percent of organizations reported that filling an open job took three months or longer. There's also been incremenetal improvement in the availability of qualified cybersecurity professionals, with more job candidates possessing essential skills.
Better Outlook for Women
The cybersecurity field has been dominated by male professionals for decades, meaning that there's a vast untapped pool of potential cybersecurity talent available. Recent research indicates that barely more than 10 percent of active cybersecurity professionals are women.
ISACA's study reveals that far more men (82 percent of survey respondents) than women (51 percent) believe that male and female security professionals are given the same career advancement opportunities. Organzations are aware of the challenge, however, with half of businesses surveyed fielding programs to promote gender diversity among cybersecurity professionals.
Cybersecurity Spending on the Rise
Spending money isn't the only means of attacking the problem, but increased spending on cybersecurity is vital. After a lag in the growth of cybersecurity budgets over the last two years, however, ISACA found that the rate of expansion has picked up again: 64 percent of organization plan to either increase spending (53 percent) or increase it significantly (11 percent) in 2018.
The pickup in spending, it would appear, is being largely driven by heightened awareness of, and sensitivity to, cybersecurity threats. Half of all irganizations queried say they dealt with an increased number of cyberattacks last year, and 80 percent think it is either likely (38 percent) or very likely (42 percent) that they will be subjected to at least one attack in 2018.
Work Still to Be Done
Rome wasn't built in a day, as the saying goes, and it will take consistent effort over many years to address the current cybersecurity crisis. Cybersecurity certification will almost certainly be part of the long-term solution, with individuals both entering the field and building a varied skill set by pursuing and securing various credentials.
Certification played a major role in generating ISACA's findings: The 2,366 individuals who contributed to State of Cybersecurity study are all holders of its Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner (CSX) credentials.
Materials released last week by ISACA are labeled "Part 1: Workforce Development," so expect full disclosure of findings from the State of Cybersecurity 2018 report to be ongoing throughout the year.