It is no secret that more and more organizations are experiencing cyberattacks, and many go undetected for lengths of time. ISACA and RSA recently joined forces on the State of Cybersecurity: Implications for 2015 survey, which uncovers issues surrounding hacks, cyberattacks, security positions, budgets and policies. As threats grow in number and complexity, it is important that organizations are equipped with the right information, team and resources to address the issues.
According to the State of Cybersecurity survey, we have seen an increase in cyberattacks from 2013 to 2015, and 82 percent of organizations are expecting to be attacked this year. This high-risk environment is made worse by the lack of skilled talent prepared for the job. Only 16 percent feel at least half of their applicants are qualified for cybersecurity roles. Fifty-three percent say it can take as long as three to six months to find a qualified candidate, and more than a third are left with unfilled job openings. So, who is watching the shop?
On a positive note, cybersecurity is now receiving more respect from leadership. A majority (56%) said that they plan on spending more on cybersecurity this year. Though most are confident in their security teams’ ability to detect and respond to incidents, less than half feel that their security teams are able to detect and respond to complex incidents. With increasingly sophisticated threats and a lack of qualified professionals, this is concerning.
But filling these positions creates an opportunity for college graduates and professionals seeking a career change. One path is to pursue certification—92 percent of respondents find certification valuable, including a majority (69%) that require certification to fill cybersecurity job openings. Practical hands-on experience and certifications can pave the way for a very rewarding career.
There is a growing need for valuable guidance, credentials, tools, networking and training for professionals in this fast-moving field. Cybersecurity is everybody’s business, and it is necessary that we work together to close the skills gap and protect our enterprises.
Robert E Stroud, CGEIT, CRISC
2014-2015 ISACA International President