According to a study by ISACA and RSA Conference, 82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool viewed as unable to handle complex threats. Thirty-five percent are unable to fill open positions, according to State of Cybersecurity: Implications for 2015, a study conducted by ISACA, a leader in cybersecurity, and RSA Conference, organizers of cybersecurity events.
Based on a global survey of 649 cybersecurity and IT managers or practitioners, 77 percent experienced an increase in attacks in 2014 and 82 percent view it as likely or very likely that their enterprise will be attacked in 2015. At the same time, these organizations are coping with a shallow talent pool. Only 16 percent feel at least half of their applicants are qualified and 53 percent say it can take as long as six months to find a qualified candidate.
The top attributes of an ideal cybersecurity professional include practical experience and certifications.
“The study reveals a high-risk environment that is made worse by the lack of skilled talent,†said Robert E Stroud, CGEIT, CRISC, international president of ISACA. “ISACA is working to close this gap through resources designed specifically to meet the unique and complex requirements of the cybersecurity profession.â€
The report explores recent issues such as hacks, attacks, flaws, security structures, budgets and policies.
“The survey findings reflect what we are hearing from our speakers and attendees,†said Fahmida Y. Rashid, editor-in-chief, RSA Conference. “The conference brings together professionals, experts and executives to share information about the latest attacks and security strategies.â€
Organizations are experiencing attacks that are largely deliberate, and they lack confidence in the ability of their staff—less than half feel their security teams are able to detect and respond to complex incidents.
“A silver lining to this crisis is the opportunities for college graduates and professionals seeking a career change. They are responsible for protecting an organization’s most valuable information assets, and those who are good can map out a highly rewarding career path,†noted Stroud.