While businesses understand the importance of cybersecurity, they are relying on outdated strategies and misguided mindsets to protect themselves, according to a new report from CompTIA, released Tuesday.
The report, titled "The Evolution of Security Skills," claims that many businesses remain too defensively focused in the way they address cyberthreats. Instead, CompTIA calls on security pros to become more proactive by seeking out and mitigating vulnerabilities before they are exploited.
"Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated," Seth Robinson, senior director of technology analysis for CompTIA, said in a press release. "But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them."
Business leaders tend to focus too heavily on threats they are familiar with—namely, malware and viruses, according to the report. And, while it is important to be vigilant against those threats, leaders should also turn their attention to emerging threats and future concerns, Robinson said in the release.
Despite the fast pace at which many companies are adopting new technologies, most of them aren't adopting the corresponding security frameworks to protect them. In the release, CompTIA said that most of the companies it studied for the report expressed only "mild concern" that they might fall victim to ransomware, DDoS attacks, IoT attacks, and more.
"While many companies have moved in the direction of cloud computing, mobile devices and other new technologies, it's clear that a large number have failed to fully consider the corresponding security implications," Robinson said in the release. "Gaining an appreciation and understanding of the many threats in play today is the first step in threat management."
Some companies, however, are switching to a more offensive cybersecurity strategy, the report found. Of those surveyed, 29% claimed to be "highly proactive" in security, while another 34% said that they "balance a strong cyber defense with some proactive measures."
Defense will also have a place in enterprise security, Robinson said in the release, but proactive measures such as pen testing and external audits must be in place to get it right.
The survey also looked into how businesses are building out their expertise, with training (60%) and certification (48%) taking the lead. Additionally, 58% of companies surveyed said that they offer security training for new employees, 46% said they performed random audits, and 35% said they provide hands-on labs.
The 3 big takeaways for TechRepublic readers
- Businesses are aware of cybersecurity threats, but they aren't approaching them with the right mindset, according to a new report from CompTIA.
- To be effective at security, IT pros must take a more offensive approach, and begin to closely examine emerging threats.
- Most businesses are relying on training and certifications to build employee expertise in security.
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.