The level of protection most cybersecurity professionals can bring to an organisation is basic, according to a new global survey.
ISACA and RSA Conference surveyed 461 cybersecurity chiefs and professionals around the world during November and December 2015. Of the 75 per cent of security professionals who were confident in their team's ability to detect and respond to incidents, 6 in 10 do not believe their staff can handle anything beyond simple cybersecurity events.
Further, 59 per cent of the security specialists said less than half of job candidates were qualified for the job they were hired for, up from 50 per cent in the previous year’s survey. Meanwhile, 27 per cent said it takes six months to fill a cybersecurity position, up 3 per cent from the previous year.
The survey showed 30 per cent of respondents experience phishing attacks every day, while 37 per cent experience physical loss and 27 per cent experience denial-of-service attacks at least quarterly. The most frequent attack types in 2015 were phishing (60 per cent), malware (52 per cent) and social engineering (41 per cent).
When it comes to investment in cybersecurity, the survey showed 61 per cent of respondents expect their cybersecurity budget to increase in 2016, with 75 per cent saying their organisation’s cybersecurity strategy aligns to enterprise objectives.
However, the issue of highly skilled workers who can tackle more sophisticated attacks remains.
“The lack of confidence in current cybersecurity skill levels shows that conventional approaches to training are lacking,” said Ron Hale, chief knowledge officer of ISACA.
“Hands-on, skills-based training is critical to closing the cybersecurity skills gap and effectively developing a strong cyber workforce,” he said.
The survey showed that most organisations are using traditional forms of training such as on-the-job training, knowledge-based vendor training or self-training, but they “have not closed the gap”.