Sixty-two percent say that organizations underreport cyberattacks
美国伊利诺斯州绍姆堡-新的网络安全数据聚焦于网络安全专业人士的不足之处, 具备软技能, 云计算, 安全控制正在成为当今网络安全专业人员最大的技能缺口, according to ISACA’s annual research report, 《澳门赌场官方下载》.
59%的网络安全领导者表示,他们的团队人手不足, 根据第九次年度调查,该调查探讨了最新的网络安全威胁形势, hiring challenges and opportunities, 和预算, with insights from more than 2,000 security leaders around the world. 这份报告, 由Adobe赞助, 调查还显示,50%的受访者表示,他们有非入门级职位的空缺, compared to 21 percent with job openings for entry-level positions.
人员配备和技能
研究表明,在解决员工留任问题上已经取得了一些进展, but it continues to be a challenge. 超过一半(56%)的网络安全领导者表示,他们很难留住合格的网络安全专业人员, though this number is down four points from last year.
Continuing to reduce retention woes may be difficult, 然而, 考虑到网络安全专业人员获得的利益一直在下降,这可能是受经济不确定性的驱动. 大学学费报销下降了5个百分点,降至28%, recruitment bonuses fell two percentage points, 认证费用报销下降了一个百分点, 与2022年相比.
当招聘, 受访者表示,他们希望网络安全专业人员具备以下五大技术技能:
- Identity and access management (49 percent)
- Cloud computing (48 percent)
- Data protection (44 percent)
- Incident response (44 percent)
- DevSecOps (36 percent)
When looking at soft skills, communication (58 percent), critical thinking (54 percent), problem-solving (49 percent), 团队合作(45%)和注重细节(36%)是雇主在网络安全求职者身上最看重的五大技能. 同理心(13%)和诚实(17%)的重要性较低,这是一个值得注意的发现,因为62%的受访者认为组织低估了网络犯罪.
受访者调查了网络安全专业人员所缺乏的软技能(55%), 云计算 (47 percent), security controls (35 percent), 编码技能(30%)和软件开发相关主题(30%)是他们今天看到的最大的技能差距.
To mitigate these technical skills gaps, 受访者表示,他们的三大方法是培训有兴趣进入安全岗位的非安全人员(45%)。, 增加合同工或外部顾问的使用(38%), and increasing use of reskilling programs (21 percent). When addressing nontechnical skills gaps, organizations are leveraging online learning websites (53 percent), mentoring (46 percent), 澳门赌场官方下载培训活动(42%)和学术学费报销(20%), 尽管学费报销的使用下降了4个百分点.
“我们在网络安全专业人员中看到的软技能差距是一个令人担忧的系统性问题的一部分,我们的行业需要认真对待,乔恩·勃兰特说, ISACA导演, Professional Practices and Innovation. “While there is no simple solution, 通过协作的方式解决这些需求,这种方式超越了传统的学术界,涉及到实践培训, 指导, 其他学习途径不仅可以对个人技能集和澳门赌场官方下载安全结果产生影响, but also on the integrity of the profession as a whole.”
网络安全 Threats
When looking at the cybersecurity threat landscape, 近48%的受访者表示,与一年前相比,他们的组织遭受了更多的网络攻击. Despite the difficult threat landscape, 只有42%的受访者对其网络安全团队检测和应对网络威胁的能力有高度信心.
前三大攻击问题与去年一样——澳门赌场官方下载声誉(79%), 数据泄露问题(69%)和供应链中断问题(55%). 受访者还表示,社会工程(15%)仍然是他们经历的主要网络攻击类型, an increase of two percentage points. This is followed by:
- Advanced persistent threats (11 percent)
- Ransomware (10 percent)
- Security misconfiguration (10 percent)
- Unpatched system (10 percent)
- Denial of service (9 percent)
- Sensitive data exposure (9 percent)
展望未来
78%的受访者表示,明年对技术网络安全个人贡献者的需求将会增加, 近一半(48%)的受访者预计网络安全经理的需求会增加. 超过一半(51%)的受访者认为,明年网络安全预算至少也会有所增加.
“网络安全工作人员尤其面临着巨大的人才缺口. Adobe相信伟大的人才可以来自任何地方——我们的行业和全球政府的持续投资对于发展多样化的人才渠道至关重要,这有助于我们解决这一日益扩大的差距,” says Maarten Van Horenbeeck, Senior Vice President and Chief Security Officer at Adobe. “当涉及到能够应对网络安全威胁环境中不断变化的复杂性和独创性时,这一点尤为重要, accelerated by AI technologies.”
了解更多
Brandt和Van Horenbeeck将在10月3日美国东部时间中午12:00(世界标准时间16:00)举行的网络研讨会上进一步讨论这些发现。. 如欲登记,请浏览 http://store.sukdha.com/s/community-event?id=a334w000005hEsVAAU.
A complimentary copy of the State of 网络安全 2023 survey report can be accessed at we43.sukdha.com/state-of-cybersecurity-2023, along with related resources. Additional cybersecurity resources can be found at we43.sukdha.com/resources/cybersecurity.
关于ISACA
ISACA® (we43.sukdha.com)是一个推动个人和组织追求数字信任的全球澳门赌场官方下载. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, 凭证, 教育, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA是一个全球性的专业协会和学习型组织,它利用了170多个澳门赌场官方软件的专业知识,在信息安全等数字信任领域工作的000名澳门赌场官方软件, 治理, 保证, 风险, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA为资源不足和代表性不足的澳门赌场官方下载提供信息技术教育和职业发展途径.
媒体联系人
communications@sukdha.com
艾米丽·阿亚拉,+1.847.385.7223
布里奇特·德鲁克,+1.847.660.5554