One in five businesses has experienced an APT attack, yet 62% of enterprises are not increasing security training in 2014
Rolling Meadows, IL, USA (25 April 2014)—One in five IT security professionals say their enterprises have been the target of an advanced persistent threat (APT) yet 62 percent of organizations have not increased security training in 2014, according to the ISACA 2014 APT Survey. A separate study by Cisco estimates that close to 1,000,000 positions for security professionals remain unfilled.[1] These indicators of a massive talent shortage are compounded by a skills gap, with few cybersecurity programs emphasizing expertise in business strategy and communication, in addition to technology. To help address this growing worldwide skills crisis, global IT association ISACA today launched the Cybersecurity Nexus (CSX) program at its North America CACS conference.
CSX, developed in collaboration with chief information security officers and cybersecurity experts from leading companies around the world, fills an unmet need for a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications, education, mentoring and community. All CSX materials are designed to provide security-related information within the larger business context.
“Unless the industry moves now to address the cybersecurity skills crisis, threats like major retail data breaches and the Heartbleed bug will continue to outpace the ability of organizations to defend against them,” said Robert Stroud, ISACA international president-elect and vice president of strategy and innovation for IT Business Management at CA Technologies. “ISACA is proud to help close this gap with a comprehensive program that provides expert-level cybersecurity resources tailored to each stage in a cybersecurity professional’s career.”
The continued growth of cyberattacks comes with a steep price tag. A World Economic Forum/McKinsey report estimates that not changing current approaches to cybersecurity could cost the global economy US $3 trillion.[2]
CSX, located at www.isaca.org/cyber, includes career development resources, frameworks, community and research guidance such as Responding to Targeted Cyberattacks and Transforming Cybersecurity Using COBIT 5.
The CSX program reflects ISACA’s ongoing collaboration with other global organizations at the center of cybersecurity, such as NIST (U.S. National Institute of Standards and Technology) and ENISA (European Union Agency for Network and Information Security). ISACA will also host the World Finals of the EC-Council-run CyberLympics ethical hacking competition at its upcoming EuroCACS/Information Security and Risk Management Conference in Barcelona.
Next Generation of Cyber Defenders
The CSX program marks the first time in its 45-year history that ISACA will offer a security-related certificate. The association’s four certifications—including the Certified Information Security Manager (CISM) credential—require both an exam and proof of work experience. Ideal for recent university graduates and IT professionals seeking to change fields, the Cybersecurity Fundamentals Certificate requires applicants to pass a knowledge-based exam that provides objective proof of subject mastery to potential employers.
Student interest in cybersecurity careers is strong. A recent global poll of members of ISACA student chapters shows that 88 percent of the ISACA student members surveyed say they plan to work in a position that requires some level of cybersecurity knowledge. However, fewer than half say they will have the skills and knowledge they need to do the job when they graduate.
“Security is always one of the top three items on a CIO’s mind, yet IT and computer science programs at the university level are not allocating a proportional amount of training to cybersecurity,” said Eddie Schwartz, vice president of global cybersecurity and consulting solutions at Verizon Enterprise Solutions and chair of ISACA’s Cybersecurity Task Force. “Today, there is a sizeable gap between formal education and real world needs. This, in itself, is an area requiring immediate focus so that the industry can get better at detecting and mitigating cyberthreats.”
“Enterprises cannot rely on just a handful of universities to teach cybersecurity. With every employee and endpoint at risk of being exploited by cyber criminals, security is everyone’s business. We need to make cybersecurity education as accessible as possible to the next generation of defenders,” noted ISACA International President Tony Hayes.
Upcoming elements in the Cybersecurity Nexus program include a mentoring program, a practitioner-level cybersecurity certification, SCADA guidance, training courses, implementation guidance related to the US Cybersecurity Framework developed by NIST and teaching materials for professors.
With more than 115,000 constituents in 180 countries, ISACA (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus™, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.
Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
Rachel Acevedo, +1.847.660.5617
[1] Cisco 2014 Annual Security Report
[2] Risk and responsibility in a hyperconnected world: Implications for enterprises, The World Economic Forum and McKinsey & Company