A troubling 73 percent of organizations have been plagued by at least one security breach or incident in the past year, with about 60 percent of breaches categorized as serious. Organizations are altering security practices and policies due to greater reliance on cloud computing and mobile technology solutions, according to a new report by CompTIA.
More than 1,500 business and technology executives in 12 countries were surveyed. The report includes data from Australia, Brazil, Canada, Germany, India, Japan, Malaysia, Mexico, South Africa, Thailand, the United Arab Emirates (UAE) and the United Kingdom (UK).
Security breaches hit 73 percent of organizations
Self-reported security breaches were most prevalent in India (94 percent), Malaysia (89 percent), Brazil (87 percent), Mexico (87 percent) and Thailand (82 percent). Organizations in Japan (39 percent) and the UAE (40 percent) self-reported the lowest percentages of cybersecurity incidents.
The percentage of organizations reporting mobile-related security incidents – such as lost devices, mobile malware and phishing attacks, or staff disabling security features – was even higher: 76 percent across all 12 countries. Mobile incidents were self-reported at the highest percentages in Thailand (95 percent), India (92 percent) and Mexico (89 percent), and at the lowest percentages in Japan (60 percent), the UAE (60 percent) and the UK (64 percent).
In 10 of 12 countries, changes in IT operations, whether due to greater reliance on mobile technology, the use of cloud-based solutions or some other factor, were listed as the top driver for altering approaches to cybersecurity.
Security awareness and training
Organizations are taking steps to assess and improve cybersecurity knowledge among their employees. Practices include new employee orientation, ongoing training programs, online courses and random security audits.
But the results so far have been mixed. Only 23 percent of organizations rate their cybersecurity education and training methods as extremely effective. Making employee training mandatory, delivering more comprehensive training more often and combining training with follow-up tests and assessments are some of the steps that would improve effectiveness, executives said.
Nearly all managers (96 percent) believe it is important to test after cybersecurity training to confirm knowledge gains. Eight in 10 indicate that professional certifications for IT workers are valuable or very valuable as a way to validate cybersecurity-related knowledge and skills.