New and evolving cyber threats and assorted resource challenges frequently prevent organizations from defending themselves against cyber intrusions, according to the "2017 State of Cyber Security" study conducted by the Information Systems Audit and Control Association (ISACA).
Eighty percent of security leaders said they believe their enterprise likely will experience a cyberattack this year, and many organizations are struggling to keep pace with the rapidly expanding cyber threat environment, the study showed.
In addition, 53 percent of study respondents said they experienced a year-over-year increase in cyberattacks in 2016, the ISACA pointed out.
IoT, Ransomware Attacks Dominate Cyber Threat Landscape
The Internet of Things (IoT) surpassed mobile as the top focus for cyber defenses in 2016, the State of Cyber Security study showed, and 97 percent of security leaders said they have seen a rise in IoT usage.
Seventy-eight percent of study respondents reported malicious attacks, cyberattacks that can hinder an organization's operations or user data, in 2016, according to the ISACA.
Moreover, the study revealed 62 percent of respondents said they experienced ransomware attacks last year, the ISACA stated.
More than half of all organizations indicated cybersecurity professionals lack the ability to understand the business, the State of Cyber Security study revealed.
The study showed about one in four organizations have training budgets of less than $1,000 per cybersecurity team member, the ISACA pointed out.
However, roughly half of respondents said they will see budget increases this year, the ISACA noted.
Many Organizations Struggle to Address Cyber Threats
Fifty-three percent of security leaders noted they have a formal process in place to address ransomware, the State of Cyber Security study indicated.
Only 31 percent of study respondents stated they routinely test their security controls, and 13 percent never test them, the ISACA pointed out.
Furthermore, 16 percent of respondents said they do not have an incident response plan in place, the ISACA noted.
Sixty-five percent of organizations said they now employ a CISO, up from 50 percent last year, the State of Cyber Security study showed. Yet a CISO alone cannot handle all of an organization's security concerns, according to ISACA Board Chair Christos Dimitriadis.
"The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign," Dimitriadis said in a prepared statement. "But that's not a cure-all."
Conversely, the ISACA offered the following recommendations to help organizations address cyber threats:
- Offer training. Security professionals must receive comprehensive training, ISACA stated, and maintain their skills maintained using hands-on technical training and hands-on, performance-based assessments.
- Drive information sharing. Organizations must facilitate better dissemination of cybersecurity insights and better intelligence gathering to stay up to date about cyber threats.
- Prioritize cybersecurity. Organizations need skilled cybersecurity professionals and in-depth plans to prepare for advanced cyber threats – both of which require organizations to allocate the necessary time and resources to prioritize cybersecurity.
With the right approach to cybersecurity, organizations of all sizes and across all industries can give their cybersecurity teams the ability to address complex security issues effectively, Dimitriadis said.