Fortifying cybersecurity defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, new research from CompTIA, the nonprofit association for the information technology (IT) industry and workforce, reveals.
While a majority of respondents in each of seven geographic regions feels that their company’s cybersecurity is satisfactory, CompTIA’s 'State of Cybersecurity' shows that a much smaller number rank the situation as 'completely satisfactory'. Nearly everyone feels that there is room for improvement.
Seth Robinson, Vice President of Industry Research, CompTIA, says, “Companies are aware of the threats they face and the potential consequences of an attack or breach. But they may be underestimating their exposure and how much they need to invest in cybersecurity. Risk mitigation is the key, the filter through which everything should be viewed.”
Two of the top three issues driving cybersecurity considerations are the growing volume of cybercriminals, cited by 48% of respondents, and the growing variety of cyberattacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
Robinson says, “Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cybersecurity, but this poses significant challenges, both tactically and financially. As IT operations and strategy have grown more complex, so has the management of cybersecurity.”
As cybersecurity is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting.
The report suggests there has been only small progress in recognising a holistic zero trust approach, but better progress in adopting some of the elements that make up an overarching zero trust policy. Multifactor authentication is in place at 46% of companies and cloud workload governance at 41%.
Among other changes in organisations’ approach to cybersecurity:
- 43% of companies have placed a higher priority on incident response
- 39% are deploying a more diverse set of technology tools, with SaaS monitoring and management tools making a substantial jump in adoption
- 38% are increasing their focus on process improvements
- 37% are shifting to more proactive measures
- 36% are expanding employee education
Adopting a total zero-trust philosophy, including setting specific, strategic objectives, will address many problems companies face. But there are substantial hurdles to overcome, such as closing the communications gap that exists between the technology and business sides of organisations. The overall rate of business staff participation is too low for a business-critical function.
Nearly half (47%) of small businesses have the CEO or owner as part of the cybersecurity chain, compared to 37% of mid-sized firms and 27% of large enterprises. In addition, companies are struggling to address technical skill needs, such as threat knowledge, network security and data analysis.
CompTIA’s 'State of Cybersecurity' report is based on a Q3 2022 survey of technology and business professionals involved in cybersecurity.
CompTIA is a leading voice and advocate for the $5 trillion global information technology ecosystem and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy.
Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce.