While many organizations are committed to strengthening their cybersecurity defenses, a large number have yet to fully dedicate the necessary resources to fix their shortcomings, let alone move to a zero trust policy, new research from industry association CompTIA found.
CompTIA’s State of Cybersecurity study, which spans seven geographic regions — Australia/New Zealand, Southeast Asia, Benelux, Canada, Germany, United Kingdom and United States — reveals that a majority of respondents believe that their cybersecurity is satisfactory. However, only a handful ranked it as “completely satisfactory” — an indication of the need for improvement.
Ransomware, Phishing Major Cause of Concern
Organizations are feeling particular pressure to boost their cyber defenses owing to the growing volume of cybercriminals, cited by 48% of respondents, and the growing variety of cyberattacks (45%). Ransomware and phishing have become major areas of concern as digital operations have increased and human error has proven more costly, CompTIA said.
Seth Robinson, vice president of Industry Research at CompTIA, explained the security imperative organizations face:
"Companies are aware of the threats they face and the potential consequences of an attack or breach. But they may be underestimating their exposure and how much they need to invest in cybersecurity. Risk mitigation is the key, the filter through which everything should be viewed."
Additional findings from the survey include:
- 43% of companies have placed a higher priority on incident response
- 39% are deploying a more diverse set of technology tools, with SaaS monitoring and management tools making a substantial jump in adoption
- 38% are increasing their focus on process improvements
- 37% are shifting to more proactive measures
- 36% are expanding employee education
All In On Zero Trust?
Zero trust is the “overarching policy” that should be guiding modern security efforts, CompTIA said. But the path ahead to zero trust requires major changes in thinking and acting by organizations. The industry association said that organizations are making “small progress” overall toward a zero trust policy. Now, many companies are adopting multi-factor authentication (46%) and cloud workload governance (41%).
The disconnect between an organization’s technology and business sides is a significant gap that needs to be closed, CompTIA states. Forty-seven percent of small businesses have the CEO or owner as part of the cybersecurity chain, compared to 37% of mid-sized firms and 27% of large enterprises.
In addition, companies are struggling to address technical skill needs, such as threat knowledge, network security and data analysis.