Independent, nonprofit, global association ISACA recently released the second part of its annual global cyber security survey, “Current Trends in the Threat Landscape.” Targeted at managers and practitioners with cyber security job responsibilities, the survey set out to glean new insights into the current state of cyber security. What does the data say, and what takeaways does it yield for today’s forward-thinking organizations? Here’s a closer look.
Rising Threats, Slowing Resources
According to the report, “The practice of cyber security in a real-world context can often feel to the practitioner like standing at ground zero between the proverbial irresistible force and an immovable object. As attacker sophistication and skill seem to increase exponentially, the resources available to defend against them (e.g., staff and supporting tools) seem harder and harder to come by. The cyber security function feels short-staffed, underfunded and always struggling to do more with less.”
ISACA’s findings reveal that these perceptions hold up—and then some. For starters, the report reveals an “increasingly hostile” threat environment in which a staggering 80 percent of respondents—compared to just 53 percent the prior year—believed it was either “likely” or “very likely” they’d experience a cyber attack in 2017.
Despite these concerns, the survey indicates that although many enterprises anticipate increasing their cyber security budgets moving forward, the rate of growth has slowed. Last year, 61 percent of survey respondents projected budget growth in this area; just 50 percent cited an expected increase for 2017. This slowdown suggests the likelihood of increased cyber security challenges in the near future.
Emerging Areas of Concern
While fears about cyber security threats are nothing new, the survey also revealed shifts in areas of concern. Specifically, while concerns about mobile are on the decline, uncertainty regarding the Internet of Things (IoT) and ransomware came on strong over the past year. And yet many organizations still lacked formal processes for managing the cyber security ramifications of the growing foothold of these technologies. In fact, 16 percent of organizations don’t even have incident response plans in place, according to ISACA—meaning that they’ll be flying blind if and when an attack does occur.
What Does This Mean for Your Organization?
Based on its findings, ISACA warns, “Attacks are likely to increase; likewise, sophistication of attacks may continue to increase. Challenges associated with prevention and response are likely to increase due to both volume and complexity.”
The consequent mandate for enterprises looking to protect themselves and their constituents? “We must be proactive in developing our cyber readiness and cyber resilience. Preparedness and vigilance make us successful—but they also require action.”
One action highlighted by the report? The need for organizations to hire and maintain strong cyber security workforces. However, this is just part of the equation. The value of communication and documentation is often both overlooked and underestimated. Advises ISACA, “We must also facilitate better information sharing—both better dissemination of what we know and better intelligence gathering so we know more—to ensure that organizations are as well connected to information on the latest threats as their adversaries are.”
Echoed Christos Dimitriadis, board chair and group head of information security at INTRALOT, in a Business Continuity Institute article, “There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner.” However, by hiring the right people and by shoring up your organizational infrastructure, including through the development and implementation of a comprehensive emergency action plan, you can position your organization to successfully navigate the increasingly complex terrain of cyber security.