ISACA’s State of Cybersecurity Report stelt ook vast dat slechts 1 op de 3 organisaties er veel vertrouwen in heeft dat het in hun vermogen ligt bedreigingen te detecteren en erop te kunnen reageren
SCHAUMBURG, Ill.- (BUSINESS WIRE) – Terwijl de aanvalsvectoren jaarlijks grotendeels hetzelfde blijven, zal het aanvalsvolume toenemen en kan cybercriminaliteit enorm worden onderschat, volgens de 2019 State of Cybersecurity Study from ISACA.
“Het te weinig rapporteren van cybercriminaliteit – zelfs wanneer onthulling wettelijk verplicht is – lijkt de norm te zijn,” zei Greg Touhill, Brigadier General (ret), ISACA Board Director, voorzitter van Cyxtera Federal en de eerste US Federal CISO. “De helft van alle respondenten gelooft dat de meeste ondernemingen cybercriminaliteit te weinig melden, zelfs wanneer dit vereist is.”
New Study Reveals Cybercrime May Be Widely Underreported—Even When Laws Mandate Disclosure
ISACA’s State of Cybersecurity Report Also Finds Only 1 in 3 Organizations Highly Confident in Their Ability to Detect and Respond to Threats
SCHAUMBURG, Ill.–(BUSINESS WIRE)– While attack vectors remain largely the same year over year, attack volume will increase and cybercrime may be vastly underreported, according to the 2019 State of Cybersecurity Study from ISACA.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190603005858/en/
ISACA’s State of Cybersecurity 2019 Report, Part 2 Infographic: Attacks, Awareness and Governance (Graphic: Business Wire)
“Underreporting cybercrime—even when disclosure is legally mandated—appears to be the norm,” said Greg Touhill, Brigadier General (ret), ISACA Board Director, president of Cyxtera Federal and the first US Federal CISO. “Half of all survey respondents believe most enterprises underreport cybercrime, even when required.”
Equally concerning, only 34 percent of cybersecurity leaders have high levels of confidence in their cybersecurity team’s ability to detect and respond to cyberthreats. The highest levels of confidence are correlated with teams reporting directly into the CISO, and the lowest levels are correlated with teams reporting into the CIO. Forty-three percent of respondents say their teams report to a CISO, and 27 percent report to a CIO.
“What we can conclude from this year’s study is that governance dictates confidence level in cybersecurity,” said Frank Downs, ISACA’s director of cybersecurity practices.
These findings indicate confusion around structuring cybersecurity with information technology.
ISACA’s State of Cybersecurity Study, sponsored by HCL, captures perspectives of more than 1,500 individuals who define the field worldwide.
According to this report, released today at Infosecurity Europe, the top three threat actors remain cybercriminals, hackers and nonmalicious insiders. Phishing, malware and social engineering are the most prevalent attack types for the third year in a row. Ransomware decreased significantly; 37 percent of organizations reported experiencing ransomware in last year’s study, compared to 20 percent this year.
Just under half of organizations report an increase in cybersecurity attacks this year, and 79 percent consider it likely they will experience a cyberattack next year.
“Cybersecurity suffers from a siloed and static approach,” said Renju Varghese, Fellow & Chief Architect, CyberSecurity & GRC, at HCL Technologies Ltd. “Many teams are missing significant attacks because they don’t have the size or expertise to keep up with attackers. Moreover, their existing security tools and processes are segregated and seldom work in tandem.”
However, by carefully analyzing variables contributing to incident susceptibility and team inefficiency—including cyber reporting structure, prevalent attack methods and team readiness through a culture of continuing professional education—organizations can better prepare themselves for dangers presented by cyber miscreants, says Downs.
State of Cybersecurity 2019 parts 1 and 2 are available for free at www.isaca.org/info/state-of-cybersecurity-2019/index.html, as part of ISACA’s Cybersecurity Nexus, which offers credentials, training, guidance and research for security professionals.