Cybersecurity Auditing Skills

Author: Ian Cooke, CISA, CRISC, CGEIT, CDPSE, COBIT 5 Assessor and Implementer, CFE, CIPM, CIPP/E, CIPT, FIP, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
Date Published: 25 March 2019

According to the Ponemon Institute/Accenture Ninth Annual Cost of Cybercrime Study, the number of cyberattacks each enterprise has seen has increased, and these incidents take more time to resolve while the cost of cybercrime continues to rise. In the last year, the report notes, there have been many stealthy, sophisticated and targeted cyberattacks against public and private sector organizations. Combined with the expanding threat landscape, organizations are seeing a steady rise in the number of security breaches, from 130 in 2017 to 145 in 2018. Indeed, there has been a 67% increase in the number of security breaches in the last 5 years.

At the same time, ISACA’s State of Cybersecurity 2019 Report—Current Trends in Workforce Development notes that technically proficient cybersecurity professionals continue to be in short supply and difficult to find. This fact is compounded when coupled with the realization that the greatest skill needed in the field is business acumen. Currently, the most-prized hire in a cybersecurity team is a technically proficient individual who also understands business operations and how cybersecurity fits into the greater needs of the enterprise.

So, what can be done? In my opinion, we in the audit profession need to step up. We have the required business skills, but we need to develop complementary cybersecurity auditing skills. I discuss how to perform a cybersecurity audit including the tools, training and resources that ISACA has made available in my recent ISACA® Journal column, “Auditing Cybersecurity.”

Read Ian Cooke’s recent Journal article:
“IS Audit Basics: Auditing Cybersecurity,” ISACA Journal, volume 2, 2019.