Despite an overall sense of improvement in cybersecurity efforts, the evolving nature of cyber threats continues to present challenges for decision-makers, according to a new report from CompTIA.
In the “State of Cybersecurity 2024” report released by CompTIA, the nonprofit association for the technology workforce and industry, findings indicate that a majority of business and technology professionals believe that the state of cybersecurity is improving, both in general and within their own organizations. Despite this optimism, the number of cybercriminals and threats is on the rise, according to the authors.
Companies are collecting more data than ever before, introducing privacy implications for their customers and risks to their internal processes. Furthermore, the ties between organizations' technology initiatives and business success are growing stronger due to digital transformation.
Concerning Cybersecurity Threats
Key threat areas highlighted in the report for U.S. organizations include malware (40%), ransomware (33%), firmware hacking (31%), IoT-based attacks (31%), hardware-based attacks (31%), and phishing (30%). Notably, among U.S. respondents, 22% stated that cybersecurity incidents had a severe impact on their organizations, while 43% reported a moderate impact.
The study further pinpoints four crucial variables to be addressed in cybersecurity:
- Product: Potential uses for generative AI in cybersecurity include monitoring network traffic (53%), analyzing user behavior (50%), and automating responses to incidents (48%).
- People: The foremost challenge facing organizations is a cybersecurity skill gap. Approximately half of U.S. organizations opt for internal training to enhance cybersecurity skills. Moreover, 43% support employees in obtaining certifications to validate their expertise.
- Policy: Just over half of U.S. companies employ leading methods to identify and manage risks and associated spending. However, nearly 30% assess these risks without leveraging a formal risk management framework.
- Process: While only 28% of companies report using a zero-trust framework strategy, more are adopting practices typically associated with a zero-trust approach.
CompTIA based its report on a survey of 1,156 business and IT professionals in cybersecurity from six geographic regions. The full report is accessible at CompTIA's official website.
Cybersecurity Concerns Decision-Makers: Commentary
Seth Robinson, vice president, industry research, CompTIA, commented:
“Even small gains in satisfaction are welcome, but there is plenty of room for improvement. Businesses have begun to consider cybersecurity as a critical function. The next stage requires a multi-faceted approach of processes, policies, people, and products.”
“Excessive cybersecurity measures can hinder overall progress, but if measures are too relaxed, it can lead to serious incidents, resulting in potentially greater negative impacts. This balancing act is a full-time job. With technology trends evolving and attack patterns changing, true equilibrium may be impossible to achieve.”
CompTIA is a nonprofit association for the IT sector. The association recently unveiled a new Emergency Response Team (ERT) to support businesses encountering cybersecurity disruptions or incidents.
In August, CompTIA joined with the Joint Cyber Defense Collaborative (JCDC) to release the JCDC RMM (remote monitoring and management) Cyber Defense Plan.