Close to two-thirds (63 percent) of global IT professionals oppose giving governments backdoor access to encrypted information systems, and similar numbers (59 percent) feel that privacy is being compromised in an effort to implement stronger cybersecurity laws. For the European region, these figures increase to 67.7 percent opposed to giving governments backdoor access, and 61.1 percent register as feeling privacy is being compromised in legislative efforts. The survey by global IT and cybersecurity association ISACA of 2,920 members in 121 countries also reveals marked skepticism about the likelihood of organisations sharing data breach information voluntarily as called for by the recently passed U.S. Cybersecurity Information Sharing Act of 2015.
ISACA’s January 2016 Cybersecurity Snapshot shows mixed attitudes toward sharing information after a data breach. Of those polled, 83 percent overall (with a minor difference in Europe, coming in at 82.4 percent) are in favour of regulation requiring companies to notify customers within 30 days of the discovery of a data breach – a 10-point increase in little more than a year.
“The Cybersecurity Snapshot shows that the professionals on the front lines of the cyberthreat battle recognise the value of information-sharing among consumers, businesses and government, but also know the challenges associated with doing so,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at Intralot. “Cybersecurity has become a high-stakes, boardroom-level issue that can have crippling consequences for any C-suite executive who lacks knowledge about the issues and risks. Strong public-private collaboration and ongoing knowledge-sharing are needed to safeguard our organisations from cybercriminals.”
Top Three Threats for 2016
The three threats that global IT and security professionals are most concerned about for their organisation this year are:
- Social engineering (52%)
- Insider threats (40%)
- Advanced persistent threats (APT) (39%)
In Europe, the top three list is the same, with slightly changed percentages:
- Social engineering (48.1%)
- Insider threats (38.4%)
- Advanced persistent threat (APT) (38.1%)
These items outranked options frequently associated with cyberattacks, including malware, unpatched systems and distributed denial-of-service attacks.
Cyber Skills Gap Still a Big Problem
According to the findings, the cybersecurity skills gap continues to pose a significant obstacle to organisations seeking to expand their cyber workforce. Close to half (45 percent) of those surveyed worldwide report that they are hiring more cybersecurity professionals in 2016, though that drops to 44 percent in Europe, yet fully 94 percent (97percent in Europe) of those hiring say it will be difficult to find skilled candidates. Identifying who has adequate skills and knowledge will also be difficult, say more than six in 10 survey participants.
“The aggressive increase in cyberattacks worldwide is feeding a growing chasm between demand and supply in the cybersecurity talent wars. It is also shedding light on a critical problem in our industry: identifying job candidates who are truly qualified to safeguard corporate assets in a landscape that is highly complex and constantly evolving,” said Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, international vice president of ISACA and president and COO of WhiteOps.
ISACA was the first to combine skills-based vendor-neutral cybersecurity training with performance-based exams and certifications to address the cyber talent shortage with the launch the CSX Practitioner certification in August 2015.
New Report Added to Cybersecurity Legislation Watch
To help organisations understand the implications of the new U.S. legislation, ISACA today has also added a new report to its Cybersecurity Legislation Watch center, part of Cybersecurity Nexus (CSX). The report, US Enacts Cybersecurity Information Sharing Legislation, analyses the American Cybersecurity Act of 2015 (P. L. 114-113), which was recently passed by the US Congress and signed by President Barack Obama. The report includes a look at the background of the act, its expected impact on business and criticisms from privacy advocates. To view the special report, visit www.isaca.org/cybersecurity-legislation.
ISACA launched Cybersecurity Nexus (CSX) in 2014 to help address a growing worldwide cybersecurity skills crisis. CSX is a central location of cybersecurity research, guidance, certificates and certifications, education, mentoring and community. ISACA recently introduced skills-based training with performance-based exams and CSX certifications to help professionals build and evolve their careers in cybersecurity. Last year marked the successful debut to a sold-out crowd of the North America CSX 2015 Conference, dedicated specifically to cybersecurity. In 2016 ISACA is expanding the cybersecurity event to Europe and Asia.