Comprehensive Cybersecurity Nexus Program
April 29, 2014 05:00 PM
One in five businesses has experienced an APT attack, yet 62% of enterprises are not increasing security training in 2014
One in five IT security professionals say their enterprises have been the target of an advanced persistent threat (APT), yet 62 percent of organizations have not increased security training in 2014, according to the ISACA 2014 APT Survey.
A separate study by Cisco estimates that close to 1,000,000 positions for security professionals remain unfilled. [1] These indicators of a massive talent shortage are compounded by a skills gap, with few cybersecurity programs emphasizing expertise in business strategy and communication, in addition to technology. To help address this growing worldwide skills crisis, global IT association ISACA today launched the Cybersecurity Nexus (CSX) program at its North America CACS conference.
CSX, developed in collaboration with chief information security officers and cybersecurity experts from leading companies around the world, fills an unmet need for a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications, education, mentoring and community. All CSX materials are designed to provide security-related information within the larger business context.
“Unless the industry moves now to address the cybersecurity skills crisis, threats like major retail data breaches and the Heartbleed bug will continue to outpace the ability of organizations to defend against them,” said Robert Stroud, ISACA international president-elect and vice president of strategy and innovation for IT Business Management at CA Technologies. “ISACA is proud to help close this gap with a comprehensive program that provides expert-level cybersecurity resources tailored to each stage in a cybersecurity professional’s career.”
The continued growth of cyberattacks comes with a steep price tag. A World Economic Forum/McKinsey report estimates that not changing current approaches to cybersecurity could cost the global economy US $3 trillion. [2]
The CSX program reflects ISACA’s ongoing collaboration with other global organizations at the center of cybersecurity, such as NIST (U.S. National Institute of Standards and Technology) and ENISA (European Union Agency for Network and Information Security). ISACA will also host the World Finals of the EC-Council-run CyberLympics ethical hacking competition at its upcoming EuroCACS/Information Security and Risk Management Conference in Barcelona.
Next Generation of Cyber Defenders
Student interest in cybersecurity careers is strong. A recent global poll of members of ISACA student chapters shows that 88 percent of the student members surveyed plan to work in a position that requires some level of cybersecurity knowledge. However, fewer than half say they will have the skills and knowledge they need to do the job when they graduate.
“Security is always one of the top three items on a CIO’s mind, yet IT and computer science programs at the university level are not allocating a proportional amount of training to cybersecurity,” said Eddie Schwartz, vice president of global cybersecurity and consulting solutions at Verizon Enterprise Solutions and chair of ISACA’s Cybersecurity Task Force. “Today, there is a sizeable gap between formal education and real world needs. This, in itself, is an area requiring immediate focus so that the industry can get better at detecting and mitigating cyberthreats.”
“Enterprises cannot rely on just a handful of universities to teach cybersecurity. With every employee and endpoint at risk of being exploited by cyber criminals, security is everyone’s business. We need to make cybersecurity education as accessible as possible to the next generation of defenders,” noted ISACA International President Tony Hayes.
Upcoming elements in the Cybersecurity Nexus program include a mentoring program, a practitioner-level cybersecurity certification, SCADA guidance, training courses, implementation guidance related to the US Cybersecurity Framework developed by NIST and teaching materials for professors.
[1] Cisco 2014 Annual Security Report
[2] Risk and responsibility in a hyperconnected world: Implications for enterprises, The World Economic Forum and McKinsey & Company