Fortifying cybersecurity defenses remains a work in progress for many organizations, but many have yet to commit to the necessary resources to the effort, reveals research from CompTIA, the Downers Grove, Ill.-based nonprofit association for the information technology (IT) industry and workforce.
A Q3 2022 study of technology and business professionals involved in cybersecurity feel that their company’s cybersecurity is satisfactory, according to CompTIA’s “State of Cybersecurity,” meanwhile a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.
“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, vice president, industry research, CompTIA, in a statement. “But they may be underestimating their exposure and how much they need to invest in cybersecurity. Risk mitigation is the key, the filter through which everything should be viewed.”
Issues driving cybersecurity
Two of the top three issues driving cybersecurity considerations are the growing volume of cybercriminals, cited by 48% of respondents, and the growing variety of cyberattacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cybersecurity, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cybersecurity.”
As cybersecurity is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognizing a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy. Multifactor authentication is in place at 46% of companies and cloud workload governance at 41%. Among other changes in organizations’ approach to cybersecurity:
- 43% of companies have placed a higher priority on incident response,
- 39% are deploying a more diverse set of technology tools, with SaaS monitoring and management tools making a substantial jump in adoption,
- 38% are increasing their focus on process improvements,
- 37% are shifting to more proactive measures, and
- 36% are expanding employee education.
Adopting a total zero-trust philosophy, including setting specific, strategic objectives will address many problems companies face, says CompTIA, but there are substantial hurdles to overcome, such as closing the communications gap that exists between the technology and business sides of organizations. The overall rate of business staff participation is too low for a business-critical function. Nearly half (47%) of small businesses have the CEO or owner as part of the cybersecurity chain compared to 37% of mid-sized firms and 27% of large enterprises. In addition, companies are struggling to address technical skill needs, such as threat knowledge, network security and data analysis.