Organizations are building confidence that their cybersecurity practices are headed in the right direction, aided by advanced technologies, more detailed processes, comprehensive education and specialized skills, a research from CompTIA finds.
Eight in 10 organizations surveyed said their cybersecurity practices are improving.
At the same time, many companies acknowledge that there is still more to do to make their security posture even more robust. Growing concerns about the number, scale and variety of cyberattacks, privacy considerations, a greater reliance on data and regulatory compliance are among the issues that have the attention of business and IT leaders.
Two factors – one anticipated, the other unexpected – have contributed to the heightened awareness about the need for strong cybersecurity measures.
“The COVID-19 pandemic has been the primary trigger for revisiting security,” said Seth Robinson, senior director for technology analysis at CompTIA. “The massive shift to remote work exposed vulnerabilities in workforce knowledge and connectivity, while phishing emails preyed on new health concerns.”
Robinson noted that the pandemic accelerated changes that were underway in many organizations that were undergoing the digital transformation of their business operations.
“This transformation elevated cybersecurity from an element within IT operations to an overarching business concern that demands executive-level attention,” he said. “It has become a critical business function, on par with a company’s financial procedures.”
As a result, companies have a better understanding of what do about cybersecurity. Nine in 10 organizations said their cybersecurity processes have become more formal and more critical.
Two examples are risk management, where companies assess their data and their systems to determine the level of security that each requires; and monitoring and measurement, where security efforts are continually tracked and new metrics are established to tie security activity to business objectives.
IT teams foundational skills
The report also highlights how the “cybersecurity chain” has expanded to include upper management, boards of directors, business units and outside firms in addition to IT personnel in conversations and decisions.
Within IT teams, foundational skills such as network and endpoint security have been paired with new skills, including identity management and application security, that have become more important as cloud and mobility have taken hold.
On the horizon, expect to see skills related to security monitoring and other proactive tactics gain a bigger foothold. Examples include data analysis, threat knowledge and understanding the regulatory landscape.
Cybersecurity insurance is another emerging area. The report reveals that 45% of large companies, 41% of mid-sized firms and 37% of small businesses currently have a cyber insurance policy.
Common coverage areas include the cost of restoring data (56% of policy holders), the cost of finding the root cause of a breach (47%), coverage for third-party incidents (43%) and response to ransomware (42%).
CompTIA announced its new tech curriculum, CompTIA CyberPrep, which allows middle schools and high schools, regardless of teacher experience in technology, to give their students a tech education. Schools can get their students interested in technology, opening their eyes to tech careers, while educating and certifying them in tech skills.
Using a rich mixture of fun lessons available for use in the classroom or online or a hybrid of both, students learn the way they want to learn so that they can relate IT to their lives.
“Some students and schools think that IT is all about coding, but there is a huge variety of skills and jobs needed in tech. In CyberPrep’s pilot course, students get broad exposure to technology – from computing basics and IT infrastructure to software development and data analytics,” said Todd Thibodeaux, CEO, CompTIA.
“Plus, we know that schools don’t have nearly enough trained teachers with technology experience. But, any teacher with some basic computer skills can teach CyberPrep courses after attending our virtual training.
“The program also includes teacher resources and access to our community of 2,000+ tech instructors, so that the teachers can become facilitators instead of lecturers,” added Thibodeaux.
CompTIA CyberPrep contains “plug-and-play” curriculum components, certification vouchers and facilitator training with package pricing based on the number of students in class. Geared for teaching throughout a traditional school calendar, the pilot curriculum builds a foundation for higher IT courses and certifications.
Six high schools have been selected to pilot CompTIA CyberPrep for the 2020-2021 school year:
- Ballard High School, Jefferson County Public Schools, KY
- Ballou Senior High School, DC Public Schools, DC
- Brooklyn STEAM Center, Brooklyn, NY
- Henry Ford High School, Detroit Public Schools, MI
- Stone High School, Stone County School District, MS
- West High School, Knox County Schools, TN
The pilots curriculum maps toward the industry-recognized, vendor-agnostic credential for CompTIA ITF Fundamentals (ITF+) certification. All CompTIA certifications are created by the tech industry and regularly updated with input from CompTIA’s membership of thousands of global tech companies and millions of tech industry professional and executives.
CompTIA also assists schools in mapping the program to state education requirements and Perkins funding requirements, in order to gain district/state approval. Schools can track the certification rates of their students to report on the program’s success.
“I am extremely excited that Ballard High School has been selected as one of six schools to pilot CompTIA CyberPrep. At Ballard, we believe in providing students a wide variety of opportunities, in a rigorous learning environment, that enables them to pursue areas of interest.
“The addition of CompTIA allows us to improve the student experience by further developing our Cyber Engineering program through the mixture of both online and teacher-led instruction.” – Dr. Jason Neuss, Principal, Ballard High School, Jefferson County Public Schools, KY
“We are excited to be able to partner with CompTIA this school year. One of the goals for our IT department at West High has been to add more classes that offer early postsecondary opportunities.
“This is a perfect example of that goal. Our students will be eligible and ready to take the CompTIA certification exam at the end of the year. We are thankful for the diverse curriculum that is being created to meet the needs of all students.” – Gina Hodges, Career & Technical Education, CAS Coordinator, West High School, Knox County Schools, TN