Organizations are struggling to monitor and secure networks due to a worldwide shortage of nearly one million skilled security professionals, according to Cisco’s 2014 Annual Security Report released last week.
The sophistication of cyberattacks has outpaced the ability of IT and security professionals to address these evolving threats, according to Cisco. Most organizations don’t have adequate systems or people in place to proactively detect network infiltrations or to mitigate attacks once they have happened.
“Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces,” John N. Stewart, senior vice president, chief security officer, Threat Response Intelligence and Development, Cisco, said. “To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack.”
Overall vulnerabilities and threats reached the highest level since Cisco began tracking attacks through its Cisco Security Intelligence Operations in May 2000. As of October 2013, cumulative annual alert totals increased 14 percent year-over-year from 2012. DDoS attacks have increased in volume and severity, and mobile malware also became increasingly popular in 2013. Nearly all mobile malware (99 percent) targeted Android devices.
Java was the most frequently exploited programming language, with Java exploits making up 91 percent of Indicators of Compromise, according to the report.
Cisco’s report confirms other recent findings that skill shortages in IT-related positions exist, despite Chief Information Security Officers earning an average annual base salary equivalent to that of other C-level executives.
To address the skills gap, some schools are partnering with private organizations to provide training. For example, security provider Fortinet recently partnered with Ottawa-based Willis College to provide network security training.