Organizations with Understaffed Security Roles are Prone to Attacks: ISACA

A new survey report from the Information Systems Audit and Control Association (ISACA) states that organizations with understaffed cybersecurity roles and teams are less confident in their ability to respond to threats and are exposed to a greater number of cyberattacks.

The survey, “The State of Cybersecurity 2020 Survey Report,” revealed that only 21% of significantly understaffed respondents admitted that they are confident in their organization’s ability to respond to threats, while respondents who indicated that their enterprise was appropriately staffed to face threats have a 50% confidence level. The survey also revealed that enterprises are struggling to fill security roles due to the time it takes to hire, leaving a majority of organizations (62%) understaffed. Around 35% of enterprises that take three months to hire security personnel reported an increase in attacks, as did 38% of those taking six months or more. In addition, 42% of organizations that are unable to fill open security positions are experiencing more attacks.

Most Reported Attack Types

According to the survey findings, most respondents believe that their organization will be hit by a cyberattack soon, with 53% thinking it is likely they will experience one in the next 12 months. Cyberattacks are also continuing to increase, with 32% of respondents reporting an increase in the number of attacks relative to a year ago.

The survey also listed the top attack types, which include social engineering (15%), advanced persistent threat (10%) and ransomware and unpatched systems (9%). It also stated that a majority of respondents believe that cybercrime remains underreported, with 62% of security professionals believing that enterprises are failing to report cybercrimes, even when they have a legal or contractual obligation to do so.

Only 30% of those surveyed use artificial intelligence and machine learning solutions as a direct part of their security operations to fight cyberattacks.

“These survey results confirm what many cybersecurity professionals have known for some time and in particular during this health crisis—that attacks have been increasing and are likely to impact their enterprise in the near term. It also reveals some hard truths our profession needs to face around the need for greater transparency and communication around these attacks,” said Ed Moyle, lead writer of the report.

“Security controls come down to three things—people, process and technology—and this research spotlights just how essential people are to a cybersecurity team. It is evident that cybersecurity hiring and retention can have a very real impact on the security of enterprises. Cybersecurity teams need to think differently about talent, including seeking non-traditional candidates with diverse educational levels and experience,” said Sandy Silk, CISSP, Director of IT Security Education & Consulting, Harvard University, and ISACA cybersecurity expert.