A/NZ businesses not ready for cyberattacks

A survey of members of IT association ISACA shows that 61% of respondents in Australia/New Zealand (ANZ) expect their organisation to face a cyberattack in 2015. Globally, the figure is 46%.

Yet fewer than half of ANZ IT professionals (43%) say they are prepared, likely due to a global shortage of skilled cybersecurity personnel.

Alarmingly, more than 85% of ANZ members surveyed believe there is a shortage of skilled cybersecurity professionals, and similarly, 85% of ISACA’s local survey respondents whose businesses will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates.

“Data breaches at a series of well-known retailers in 2014 made the issue of data security highly visible to consumers and highlighted the struggles that companies face in keeping data safe,” said Garry Barnes, ISACA international vice president and governance advisory practice lead at Vital Interacts, based in Sydney.

“Local companies and government entities must be prepared to address issue of cybersecurity head on and ensure their organisations are ready to respond swiftly if attacked,” added Barnes.

“ISACA supports increased discussion and activity to address escalating high-profile cyberattacks on organisations worldwide,” said Robert E Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies.

“As government leaders call for action, we hope they take a clear and straightforward approach, working in close coordination with industry. Cybersecurity is everyone’s business, and creating a workforce trained to prevent and respond to today’s sophisticated attacks is a critical priority.”

Globally, ISACA’s survey shows that more than three-quarters of respondents support US President Barack Obama’s proposed 30 Day Breach Notification Law as discussed in the State of the Union Address.

Finding and retaining skilled cybersecurity employees is a key challenge, with only 43% of ANZ IT professionals stating they feel the organisation would be prepared to fend off a sophisticated attack.

When asked about hiring entry-level cybersecurity candidates, 53% said it is difficult to identify who has an adequate level of skills and knowledge.

“As the world grapples simultaneously with escalating cyberattacks and a growing skills shortage, ISACA believes that it is absolutely essential to develop and train a robust cybersecurity workforce,” said Barnes.

According to ISACA, when recruiting skilled staff, companies must have a realistic understanding of what they can do well and what they cannot in cybersecurity.

CIOs, CISOs and security leaders must revisit the organisational structure and skills of their security teams and IT staffs that have any responsibility for securing information assets.

This analysis involves a deep review of what currently are or can be core competencies for the organisation, and where they might need help from outsiders.

Barnes adds that the cybersecurity plan also needs to be taken off the shelf and reassessed and updated for an organisation and its professionals to be adequately prepared.

Image courtesy Jeremy Keith under CC