The majority of organizations are more likely to suffer a cyber-attack due to a shortage of cybersecurity skills, says study.
More than half of enterprises believe they will experience a cyber-attack in the next 12 months, according to ISACA’s State of Cybersecurity 2020 Survey Part 2 report. Moreover, the volume of cyber-attacks is increasing, as 32% of them say there is an increase in attacks since 2019.
ISACA surveyed more than 2,000 respondents from over 17 industries and 102 countries. Only 30% use artificial intelligence (AI) and machine learning (ML) solutions, as a direct part of their operations capability. Social engineering (15%), advanced persistent threat (10%), and ransomware and unpatched systems (9% each) are some of the top types of the attack reported. The survey also said 62% of IT leaders believe organizations are failing to report cybercrimes, even though they are legally obligated to do so.
Offering insights on the lack of cybersecurity teams, the report said 62% of companies are
significantly understaffed. Organizations that do not have enough cybersecurity professionals and those struggling to hire skilled workforce are less confident in their ability to respond to threats. Less than a quarter of respondents said they are “significantly understaffed” and they are confident in their company’s ability to respond to threats.
The time it takes to hire cybersecurity professionals is also important to factor enterprises are prone to more attacks. Thirty-five percent of enterprises take at least three months to hire reported a rise in attacks and 38% from those taking six months or more. In addition, 42% of organizations are unable to fill open security positions are experiencing more attacks this year.
Cybersecurity hiring and retention has a real impact on the security of enterprises. It is
important for companies to have a serious approach towards the cybersecurity skills gap which has increased to more than four million, as per the (ISC)2 study. Organizations need to highlight training and professional development opportunities that contribute to the career advancement of cyber experts. It is essential to reduce the significant gap between the number of cybersecurity professionals and the number needed to keep organizations safe.