While businesses understand the importance of cybersecurity, they are relying on outdated strategies and misguided mindsets to protect themselves, according to a new report from CompTIA, released Tuesday.
The report, titled ” The Evolution of Security Skills,” claims that many businesses remain too defensively-focused in the way they address cyberthreats. Instead, CompTIA calls on security pros to become more proactive by seeking out and mitigating vulnerabilities before they are exploited.
“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” Seth Robinson, senior director of technology analysis for CompTIA, said in a press release. “But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.”
Business leaders tend to focus too heavily on threats they are familiar with—namely, malware and viruses, according to the report. And, while it is important to be vigilant against those threats, leaders should also turn their attention to emerging threats and future concerns, Robinson said in the release.
Despite the fast pace at which many companies are adopting new technologies, most of them aren’t adopting the corresponding security frameworks to protect them. In the release, CompTIA said that most of the companies it studied for the report expressed only “mild concern” that they might fall victim to ransomware, DDoS attacks, IoT attacks, and more.
“While many companies have moved in the direction of cloud computing, mobile devices and other new technologies, it’s clear that a large number have failed to fully consider the corresponding security implications,” Robinson said in the release. “Gaining an appreciation and understanding of the many threats in play today is the first step in threat management.”
Some companies, however, are switching to a more offensive cybersecurity strategy, the report found. Of those surveyed, 29% claimed to be “highly proactive” in security, while another 34% said that they “balance a strong cyber defense with some proactive measures.”
Defense will also have a place in enterprise security, Robinson said in the release, but proactive measures such as pen testing and external audits must be in place to get it right.
The survey also looked into how businesses are building out their expertise, with training (60%) and certification (48%) taking the lead. Additionally, 58% of companies surveyed said that they offer security training for new employees, 46% said they performed random audits, and 35% said they provide hands-on labs.