Organizations cite lack of resources to combat growing cyber threats, new study shows

Persistent resource challenges combined with new and evolving cyber threats have limited various organization’s ability to defend themselves against cyber threats, according to a second installment of the Information Systems Audit and Control Association’s (ISACA) 2017 State of Cyber Security study.

According to the study’s survey, more than half of respondents reported a year-over-year increase in cyberattacks throughout 2016.

The study found that Internet of Things (IoT), which represent internet-connected devices found in common household technology, overtook mobile as the primary focus for cyber defenses with 97 percent of respondents seeing a rise in IoT usage.

Additionally, 62 percent of respondents reported experiencing ransomware attacks in 2016, while 78 percent reported a rise in malicious attacks on organizational operations or user data. However, only 53 percent of organizations said that had a formal process in place to address ransomware attacks.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA Board Chair Christos Dimitriadis said.“Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

While cybersecurity remained a priority for respondents, the survey found a number of roadblocks remaining for cybersecurity professionals. Specifically, one in four organizations reported cybersecurity training budgets of less than $1,000 per cyber team member and that fewer organizations increased their cybersecurity budgets compared to 2015.

“With the number of malicious attacks increasing, organizations can’t afford a resource slowdown,” Dimitriadis said. “Yet with so many respondents showing a lack of confidence in their team’s’ ability to address complex issues, we know there is more that must be done to address the urgent cyber security challenges faced by all enterprises.”