2018 Trends in Cybersecurity: Building Effective Security Teams

Cybersecurity has changed drastically in the new era of IT. This report explores how greater complexity and higher importance are leading to focused security teams.

  1. 2018 Trends in Cybersecurity: Building Effective Security Teams. September 2018. The complete 2018 Trends in Cybersecurity research report can be viewed free of charge at CompTIA.org (with simple registration). Copyright (c) 2018 CompTIA Properties, LLC, All Rights Reserved | CompTIA.org | research@comptia.org
  2. Satisfaction with current security posture
     Chart by company size (Large, Mid-sized, Small) with response categories Completely satisfactory, Mostly satisfactory and Adequate/unsatisfactory. Values as extracted from the chart: 27%, 61%, 12%; 20%, 67%, 13%; 14%, 64%, 22%.
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  3. Major issues driving IT security
       • Compliance with regulations: 31%
       • Quantifying impact of security to business: 35%
       • Breadth of skills needed to address security issues: 38%
       • Increased reliance on data: 44%
       • Overall threat of attacks to business: 47%
       • Privacy concerns: 51%
       • Variety of attacks: 51%
       • Growing number of hackers/cybercriminals: 57%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  4. Drivers for changing approach to IT security
       • No recent change to security approach: 11%
       • Focus on a new industry vertical: 18%
       • Change in management: 19%
       • Change in business operations or client base: 20%
       • Vulnerability discovered by an outside party: 24%
       • Action taken after training or certification: 25%
       • Internal security breach or incident: 26%
       • Reports of security breaches at other organizations: 36%
       • Change in IT operations: 48%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  5. Location of security center of operations
       • Part of internal infrastructure team: 36%
       • Internal team reporting to CIO: 26%
       • Internal team outside IT: 20%
       • Third-party security firm: 8%
       • Not enough security focus for dedicated center: 6%
       • Third-party IT firm: 4%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  6. Demographics of third party security partners
     Two charts; values are listed as extracted, and the pairing of values to categories is not recoverable from the transcript.
       • Number of security partners (categories: 1, 2-3, 4 or more): 37%, 50%, 13%
       • Number of years working with third party security lead (categories: 1-2 years, 3-4 years, More than 5 years): 19%, 39%, 43%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 314 IT and business professionals in the U.S. working with third party security firms; n = 54 IT and business professionals in the U.S. working with third party security firms as center of security operations
  7. Prerequisite knowledge needed for IT security
       • Basic knowledge of cloud architecture: 57%
       • Awareness of laws/regulations: 62%
       • Basic knowledge of endpoint devices: 66%
       • Understanding of internal workflow/processes: 66%
       • Basic knowledge of networking: 69%
       • Basic knowledge of server administration: 71%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  8. Improvement needed across broad set of skills
     (Moderate improvement needed / Significant improvement needed)
       • Cryptography: 51% / 28%
       • Penetration testing: 58% / 30%
       • Risk management: 58% / 31%
       • Network/infrastructure security: 64% / 25%
       • Application/data/host security: 61% / 28%
       • Security analytics: 61% / 28%
       • Educational ability: 56% / 33%
       • Incident detection and response: 59% / 31%
       • Access control/identity management: 65% / 25%
       • Compliance/operational security: 63% / 27%
       • Knowledge of threats/vulnerabilities: 59% / 32%
       • Vulnerability assessment: 63% / 28%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  9. Options being considered for improving security skills
       • Train current employees: 57%
       • Hire security-specific skills: 53%
       • Expand use of third parties: 44%
       • Certify current employees: 41%
       • Explore use of third parties: 37%
     Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.
  10. Incident Response Plans Common but Not Necessarily Effective
      Type of incident response plan:
        • Formal policies and procedures: 67%
        • Unwritten rules that are typically followed: 27%
        • No policies or procedures: 6%
      Effectiveness of incident response plan:
        • Highly effective: 33%
        • Moderately effective: 60%
        • Slightly effective/Not effective: 7%
      Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 402 IT and business professionals in the U.S.; n = 376 IT and business professionals in the U.S. with formal or informal incident response plans
  11. Wide Variety of Metrics In Use
        • Number of third-party agreements with security language: 18%
        • Formal return on investment calculation: 20%
        • Informal return on investment process: 25%
        • Percentage of software going through code review: 31%
        • Number of flaws found by third party audit: 31%
        • Number of violations of corporate policy: 36%
        • Percent of network traffic flagged as anomalous: 38%
        • Percentage of employees taking security training: 40%
        • Percent of systems with formal risk assessment: 40%
        • Number of systems patched recently: 43%
        • Number of successful compliance audits: 45%
      Source: CompTIA’s 2018 Trends in Cybersecurity study | n = 366 IT and business professionals in the U.S. using security metrics
