New and evolving threats combined with persistent resource challenges are limiting the ability of many different businesses – including those in the trucking industry – to defend against what are politely being called “cyber intrusions.”
According to the recent 2017 State of Cyber Security Study, compiled by the information technology (IT) industry trade group ISACA, previously known as the Information Systems Audit and Control Association, some 80% who participated in this year’s survey believe it is likely their enterprise will experience a cyberattack this year, with many “struggling to keep pace” with the threat environment.
About 53% of those responding to ISACA’s poll reported a year-over-year increase in cyberattacks for 2016, representing a combination of changing threat entry points and types of threats:
- The Internet of Things (IoT) overtook mobile as primary focus for cyber defenses as 97% of organizations see rise in its usage. As the IoT becomes more prevalent in organizations, cyber security professionals need to ensure protocols are in place to safeguard new threat entry points.
- Some 62% reported experiencing ransomware in 2016 but only 53% percent have a formal process in place to address it. That’s of concern given the significant international impact of the recent WannaCry ransomware attack.
- A large percentage of organizations don’t regularly test their cyber defenses. Fewer than one in three organizations (31%) said they routinely test their security controls, 13% said they never test them, and 16% said they do not have an incident response plan.
“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” said Christos Dimitriadis, ISACA’s chairman and group head of information security at cyber firm INTRALOT, in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”
He noted that ISACA’s survey this year indicated that, while cyber security is a priority for enterprise leadership, roadblocks facing cyber security professionals remain.
The good news is that more organizations than ever now employ a chief information security officer: up to 65% said they do in this year’s poll, an increase from 50% in 2016.
However, security leaders continue to struggle to fill open cyber security positions and nearly half (48%) don’t feel comfortable with their cyber team’s ability to address anything beyond simple cyber security issues. Additionally, more than half of all respondents say cyber security professionals lack an ability to understand the business, noted Dimiatridis
“With the number of malicious attacks increasing, organizations can’t afford a resource slowdown,” he stressed. “Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cyber security challenges faced by all enterprises.”