A new study from CompTIA, a nonprofit organization for technology talent and industry, shows that while changes in approaches to cybersecurity are making slow but steady progress in defense and protection, competing interests are We found that this is a growing challenge for security decision makers and practitioners.
A majority of business and technology professionals feel the overall state of cybersecurity is improving, both in general and within their organizations, according to CompTIA’s State of Cybersecurity 2024 report .
They also acknowledge that the danger has increased dramatically as the number of cybercriminals and threats proliferates. At the same time, businesses are collecting far more data, creating new privacy implications for customers and operational risks for internal workflows.
Seth Robinson, vice president of industry research at CompTIA, said: Businesses are starting to consider cybersecurity as a critical function. The next stage requires a multifaceted approach to processes, policies, people, and products. ”
Organizations are responding on each of these fronts. Generative artificial intelligence (AI) is seen as a tool to help manage the increasing complexity of cybersecurity. We have increased our commitment to employee education, including training for all staff and certification support for technical experts. Risk management and zero trust practices are having a larger impact.
Robinson says the challenges are growing as organizations digitally transform and align their technology efforts more closely with business success.
He said, “Excessive cybersecurity measures can hinder overall progress, but taking too few measures can lead to serious incidents and have even greater negative consequences.”
“Striking this balance is a full-time job. As technology trends evolve and attack patterns change, achieving true balance can become impossible.”
CompTIA believes there are four important variables to consider when balancing the cybersecurity equation. The report identifies trends in these areas to watch in 2024.
Products: Australian and New Zealand companies will see widespread use of generative AI in cybersecurity over the next two to three years.
- Predict areas where future breaches may occur: 54%
- Analyze user behavior patterns: 48%
- Generate tests for cybersecurity defenses: 48%
- Automated response to cybersecurity incidents: 47%
- Traffic monitoring and malware detection: 46%
- Automating cybersecurity infrastructure configuration: 46%
People: By far the biggest challenge facing organizations is the cybersecurity skills gap. To close the gap, organizations are using internal training to improve cybersecurity skills and helping employees earn certifications to prove their knowledge.
Policy: Risk management is becoming the primary method for evaluating the relationship between cybersecurity efforts and business operations. 44% of ANZ organizations have a leading approach to identifying and managing risk and associated spend, and 38% assess risk but do not use a formal risk management framework .
Processes: Building cybersecurity processes and integrating cybersecurity into business workflows drives many functional decisions, from evaluating new technologies to governance, risk, compliance, and employee training. . The general goal of any process, whether direct or indirect, is to follow the principles of a Zero Trust framework. Although only 28% of companies identify a Zero Trust framework as part of their strategy, more organizations follow the individual practices commonly included in a Zero Trust approach.
CompTIA’s State of Cybersecurity 2024 report is based on a survey of 1,156 business and IT professionals involved in organizational cybersecurity in six geographic regions around the world.