posted: 7/7/2017 1:00 AM

Survey: Cyber crime awareness up, but preparedness still lags

Although awareness of cybercrime is at a peak, many companies are not confident their staffs can handle a major attack from a hacker, according to the State of Cyber Security Study 2017 from Rolling Meadows-based IT Association ISACA.
Courtesy of ISACA

There is no doubt that keeping data safe from cyber criminals is at the top of every business owner's mind. But while awareness is at a peak, a gap remains in how prepared companies are to secure their information.

A recent survey of information technology and security officials by Rolling Meadows-based IT Association ISACA revealed 80 percent believe they are likely to experience a cyberattack this year, while more than half reported an increase in attacks from the previous year.

Although awareness is up, half of the respondents in ISACA's State of Cyber Security Study 2017 don't feel comfortable with their cyber team's ability to address anything beyond simple issues, while more than half say cyber security professionals lack an ability to understand the business.

ISACA board of directors Vice-Chair Robert Clyde notes part of that gap is due to a shortage of trained, certified cyber security professionals coming through the educational system.

However, he adds that a portion is also the result of organizations not investing enough in their security resources. While the survey found 27 percent of the respondents spent at least $2,500 per professional on education and training, 25 percent spent less than $1,000.

"Most organizations are simply not spending enough," Clyde said. "Unless you're spending $2,500 ... or probably a bit more ... on that, you really have no hope of providing education for your cybersecurity staff so they can keep up with things."

Clyde, who also serves as executive chair of Austin, Texas-based White Cloud Security, noted a positive from the survey was an increasing number of organizations that have hired a chief information security officer to lead data security efforts.

A total of 65 percent said they have such a position in 2017, up from 50 percent the previous year.

While that shows businesses are recognizing the need to put someone in charge of data security, Clyde notes not coupling that with sufficient staff training is like hiring a police chief, but not giving his officers the tools to enforce the law.

"It'd be like the police chief saying 'My people are good at routine traffic stops, but if there is any serious crime, we're not going to be able to handle that,'" he said.

So how does your company meet the security challenge?

Clyde said the education system is recognizing the need for programs that train data security professionals, but it will still be a few years before schools can catch up with the need to fill openings.

"We recognize there are not enough professionals trained by universities, and we need to fix that," he added. "But it'll take a while to go through the entire system."

He suggested companies find people who have related skills -- like IT or networking backgrounds -- and train them through certification programs like ISACA's Cybersecurity Nexus (CSX).

"Don't just hire the best, most experienced person because, in reality, you're just going to steal them from somebody else," Clyde said. "And somebody else is going to steal that person from you, because there really is a shortage.

"An alternate approach that will increase the number of qualified people is to consider hiring people straight out of school without experience and train them," he added. "It will be less expensive and you can hold on to them longer."

Beyond training your own professionals, Clyde stressed the need to maintain excellent data backup systems, and also recommended companies look at trusted app listings or next-generation white listings, which allow only trusted code to run on your system.

"It ensures only known, good code will run on your system," he said. "If ransomware is loaded on a system with white lists, it will not run because it is not on the listing.

"I like this kind of approach because it prevents the kind of mistakes by users where they click or download something that could cause an attack."