Fortifying cybersecurity defenses remains a work in progress for many organizations, many of whom acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA, a non-profit trade association based in suburban Chicago.
While a majority of respondents feel that their company’s cybersecurity is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.”
“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, vice president, industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cybersecurity. Risk mitigation is the key, the filter through which everything should be viewed.”
Two of the top three issues driving cybersecurity considerations are the growing volume of cybercriminals, cited by 48% of respondents, and the growing variety of cyberattacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cybersecurity, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cybersecurity.”
As cybersecurity is more tightly integrated with business objectives, Zero Trust policies are seen as a viable option, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognizing a holistic Zero Trust approach. Multifactor authentication is in place at 46% of companies and cloud workload governance at 41%. Other key security changes include a higher priority on incident response, a more diverse set of technology tools, an increased focus on process improvements, and expanded employee education.
CompTIA’s “State of Cybersecurity” report is based on a Q3 2022 survey of technology and business professionals involved in cybersecurity. There were 500 respondents from the U.S. and 125 from each of six other regions around the world.
The report demonstrates the need for improvement; an area in which channel partners can add measurable value.