Changing approaches to cybersecurity have led to slow but steady progress in defense and protection, but competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to new research from CompTIA, the nonprofit association for the technology workforce and industry.
A majority of business and technology professionals feel that the overall state of cybersecurity is improving, both generally and within their organisations, according to CompTIA’s “State of Cybersecurity 2024” report.
They also acknowledge that the stakes have grown dramatically, with the number of cyber criminals and threats skyrocketing. At the same time, companies are capturing far more data, creating new privacy implications for customers and operational risk for their internal workflows.
Seth Robinson, Vice President, Industry Research, CompTIA, says, “Even small gains in satisfaction are welcome, but there is plenty of room for improvement. Businesses have begun to consider cybersecurity as a critical function. The next stage requires a multi-faceted approach of processes, policies, people and products.”
Organisations are responding on each of these fronts. Generative artificial intelligence (AI) is viewed as a tool that can help manage the growing complexity of cybersecurity. There is a heightened commitment to workforce education, including training for all staff and support for certification for technical professionals. Risk management and zero trust practices are gaining a larger footprint.
The challenge becomes even greater as organisations go through digital transformation and tie technology initiatives more closely to business success, according to Robinson.
He says, “Excessive cybersecurity measures can hinder overall progress, but if measures are too relaxed, it can lead to serious incidents, resulting in potentially greater negative impacts."
“This balancing act is a full-time job. With technology trends evolving and attack patterns changing, true equilibrium may be impossible to achieve.”
CompTIA believes there are four critical variables that must be considered in balancing the cybersecurity equation. The report identifies trends to watch in 2024 in these areas.
Product: Companies in Australia and New Zealand see a wide range of likely uses for generative AI in cybersecurity over the next two to three years.
- Predicting areas where future breaches may occur: 54%
- Analysing user behavior patterns: 48%
- Generating tests of cybersecurity defences: 48%
- Automating response to cybersecurity incidents: 47%
- Monitoring traffic and detecting malware: 46%
- Automating configuration of cybersecurity infrastructure: 46%
People: By a slim margin, the top challenge facing organisations is a cybersecurity skill gap. To narrow the gap, organisations use internal training to improve cybersecurity skills and are helping employees pursue certifications to validate their knowledge.
Policy: Risk management is becoming the primary method for assessing the connection between cybersecurity efforts and business operations. Among ANZ organisations, 44% take a leading approach to identify and manage risks and related spending, while 38% assess risks but do not use a formal risk management framework.
Process: Building cybersecurity processes and integrating cybersecurity into business workflows drives many functional decisions, from evaluating new technologies, to governance, risk and compliance, to workforce education. The general intent of any process, whether direct or indirect, is to align with the principles of a zero-trust framework. Although only 28% of firms identify a zero-trust framework as part of their strategy, more organisations are following individual practices commonly included in a zero-trust approach.
CompTIA’s “State of Cybersecurity 2024” report is based on a survey of 1,156 business and IT professionals involved in cybersecurity for organisations in six geographic regions around the world.