As cyberattacks keep coming in growing numbers, businesses aren't prepared to mount adequate defenses against them, according to ISACA, the global organization that provides technology industry certifications.
In its 2017 State of Cyber Security Study, ISACA said more than 53 percent of respondents reported a year-over-year increase in cyberattacks for 2016, with the Internet of Things replacing mobile technology as the "emerging area of concern."
What could be worse, though, is that businesses don't appear to be doing enough to effectively block cyberthreats, even though 80 percent of security leaders who participated in the survey believe it's likely their organizations will experience a cyberattack this year, ISACA found.
While half of the businesses represented in the survey foresee a growth in their cybersecurity budgets over the next year, that's down from 61 percent in a similar ISACA survey last year. Meanwhile, fewer than one in every three organizations – 31 percent – say they routinely test their security controls, and 13 percent never test them, ISACA said. And 16 percent don't have an incident response plan.
ISACA's report said many organizations are leveraging outside resources, such as managed security services providers and consultants, to offset the security skills they don't have in-house to protect their information infrastructure. But the report warned, "If the skills gap continues unabated, which appears likely … and the funding for automation and external third-party support is reduced, it will become more difficult for enterprises to fill their cybersecurity needs."
Last month, Gartner analyst Mike Cisek urged a gathering of midmarket CIOs to consider managed security services to do what their own staffs cannot in securing their infrastructures. Speaking at Midsize Enterprise Summit East, hosted by ITBestOfBreed's parent, The Channel Company, he also cited the challenge businesses face in landing someone with the right blend of security skills in today's job market, which favors job seekers.
Netelligent, a solution provider based in Chesterfield, Mo., has seen "many" midmarket companies that are shackled from investing more deeply in security because of budget constraints, according to Bob Hollander, vice president of sales and marketing. "I get it; it's hard to allocate spend against perceived and unclear risk," he said.
On the other hand, Hollander said, "we have experienced good success with clients who had clear needs, were forward-thinking or had compliance obligations."
Staff shortages in security are overcome "by really terrific service providers who can augment the staff and who can support an efficient security department," added Kevin Goodman, managing director and partner at Cleveland-based BlueBridge Networks, No. 447 on CRN's 2017 Solution Provider 500. He believes security service providers could benefit from having "educated internal champions" within user organizations who can advocate and vouch for their skills.
"There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner," ISACA board chair Christos Dimitriadis said in a statement. "Cybersecurity professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared."