60% in IT expect a cyberattack on their organisation
Following recent hacks, over 60% of ANZ IT Professionals expect a cyberattack to affect their organisation in 2015
New ISACA Survey Shows 85% of IT Professionals See a Cybersecurity Skills Shortage
SYDNEY, AUSTRALIA (22 January 2015)—A new global survey of more than 3,400 members of IT association ISACA shows that close to half (46 per cent) of respondents expect their organisation to face a cyberattack in 2015. Locally, in Australia/New Zealand (ANZ), respondents feel that attack is even more likely with 61 per cent expecting a cyberattack this year. This is concerning, since less than half of ANZ IT professionals (43 per cent) say they are prepared, likely due to a global shortage of skilled cybersecurity personnel.
Alarmingly, more than 85 per cent of ANZ members surveyed believe there is a shortage of skilled cybersecurity professionals, and similarly 85 per cent of ISACA’s local survey respondents whose businesses will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates.
“Data breaches at a series of well-known retailers in 2014 made the issue of data security highly visible to consumers and highlighted the struggles that companies face in keeping data safe. Given the latest news this week of a large Australian travel insurance company being hacked, we expect the problem is set to increase. Local companies and government entities must be prepared to address the issue of cybersecurity head on and ensure their organisations are ready to respond swiftly if attacked,” stated Garry Barnes, ISACA International Vice President and Governance Advisory Practice Lead at Vital Interacts, based in Sydney.
“ISACA supports increased discussion and activity to address escalating high-profile cyberattacks on organisations worldwide,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “As government leaders call for action, we hope they take a clear and straightforward approach, working in close coordination with industry. Cybersecurity is everyone’s business, and creating a workforce trained to prevent and respond to today’s sophisticated attacks is a critical priority.”
Globally, ISACA’s survey shows that more than three-quarters of respondents support US President Barack Obama’s proposed 30 Day Breach Notification Law as discussed in the State of the Union Address.
Finding and retaining skilled cybersecurity employees is a key challenge, with only 43 per cent of ANZ IT professionals stating they feel the organisation would be prepared to fend off a sophisticated attack. When asked about hiring entry-level cybersecurity candidates, 53 per cent said it is difficult to identify who has an adequate level of skills and knowledge.
“As the world grapples simultaneously with escalating cyberattacks and a growing skills shortage, ISACA believes that it is absolutely essential to develop and train a robust cybersecurity workforce. That is why we launched the Cybersecurity Nexus (CSX) in 2014. We take very seriously our role in addressing the skills gap through skills-based credentials, training, guidance and mentoring programs,” said Barnes.
When recruiting skilled staff, companies must have a realistic understanding of what they can do well and what they cannot in cybersecurity. CIOs, CISOs and security leaders must revisit the organisational structure and skills of their security teams and IT staffs that have any responsibility for securing information assets. This analysis involves a deep review of what currently are or can be core competencies for the organisation, and where they might need help from outsiders.
Barnes added that the cybersecurity plan also needs to be taken off the shelf and reassessed and updated for an organisation and its professionals to be adequately prepared. Security practitioners need to understand the relationship between their organisation, its people, its IT assets and the kinds of adversaries and threats they are facing. It is only through this analysis that the right cybersecurity program can be designed and implemented, where budget, skills, intensity and performance are all balanced at the appropriate levels.
ISACA’s Support in Cybersecurity
ISACA is a global leader in cybersecurity. The association assisted the North American-based National Institute of Standards and Technology (NIST) in the development of the U.S. Cybersecurity Framework, and ISACA’s Cybersecurity Nexus (CSX) is one of the first and most comprehensive resources to support security professionals at every level of their careers.
In late 2014, ISACA launched the Cybersecurity Fundamentals Certificate, designed for university students and recent graduates, entry-level security professionals and those seeking a career change. The certificate addresses the global skills shortage by helping organisations quickly identify candidates with a foundational level of cybersecurity knowledge, while helping the most qualified job seekers distinguish themselves. In October 2015, ISACA will host the first CSX conference in Washington DC to bring together global thought leaders in cybersecurity.
The 2015 Global Cybersecurity Status Report, conducted January 13-15, 2015, is based on online polling of 3,439 ISACA members in 129 countries, with 121 respondents from Oceania (comprising Australia, New Zealand and Papua New Guinea). The survey has a +/- 1.7 per cent margin of error at a 95 per cent confidence level. For additional survey results, graphics and insights from cybersecurity experts, visit www.isaca.org/cybersecurityreport. To learn about the credentials, guidance and resources offered in ISACA’s CSX, visit www.isaca.org/cyber.
With more than 115,000 constituents in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity and information systems audit, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus™, a comprehensive set of resources for cybersecurity professionals, and COBIT®, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) credentials. The association has more than 200 chapters worldwide.