Get Our Email Newsletter

New Mindset Required to Respond to Cyber Threats, CompTIA Study Asserts

Businesses recognize security as a growing imperative, but many remain on the defensive, fighting cyber threats with dated tactics and training, according a to new report released by CompTIA. The Evolution of Security Skills calls on companies to adopt proactive measures to identify weak links before they are exploited; broaden the security skills of their technology professionals; and implement top to bottom security training throughout the organization.

“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” said Seth Robinson, senior director, technology analysis, CompTIA. “But a new, proactive approach combining technologies, procedures, and education can help find problem areas before attackers discover them.”

One of the challenges for organizations is that they tend to place the greatest emphasis on the cyber threats they understand the best. Malware and viruses, two of the oldest forms of cyber attacks, typically get the most attention.

- Digital Partner -

“While we certainly need to remain vigilant about these threats, many other forms of attack have emerged that can carry disastrous consequences,” Robinson said.

The majority of companies in the study expressed only mild concern that they would be the target of ransomware, a dedicated denial of service, social engineering, Internet of Things-based attacks, or SQL injections.

“While many companies have moved in the direction of cloud computing, mobile devices and other new technologies, it’s clear that a large number have failed to fully consider the corresponding security implications,” said Robinson. “Gaining an appreciation and understanding of the many threats in play today is the first step in threat management.”

Companies are gradually shifting their focus from defense to offense. In CompTIA’s survey of business and technology executives at 350 US companies, 29 percent of firms said they are highly proactive in their security posture, emphasizing detection and response. Another 34 percent said they balance a strong cyber defense with some proactive measures.

“Strong defense will always play a role, but this must be coupled with external audits, penetration testing and other proactive measures,” Robinson advised.

LP Solutions

The Human Factor

Training (60 percent of companies surveyed) and certification (48 percent) are generally the favored methods of building advanced security expertise for their technology professionals.

Organizations that follow through on certifications after training find that they provide a higher degree of credibility, better proof of knowledge and improved candidacy for open positions.

Companies are also more understanding of the need to develop a security-aware culture, from the executive team through middle managers to the general staff. The survey found that 58 percent of companies offer security training during new employee orientation; 46 percent perform random audits; and 35 percent offer “live fire” hands-on labs.

The Evolution of Security Skills is based on an October 2016 online survey of workforce professionals at 350 U.S. businesses. To read the full report, visit CompTIA Insight & Tools.

Loss Prevention Magazine updates delivered to your inbox

Get the free daily newsletter read by thousands of loss prevention professionals, security, and retail management from the store level to the c-suite.

What's New

Digital Partners

Become a Digital Partner

Violence in the Workplace

Download this 34-page special report from Loss Prevention Magazine about types and frequency of violent incidents, impacts on employees and customers, effectiveness of tools and training, and much more.


View All | Sponsor a Webinar


View All | Submit a Whitepaper

LP Solutions

View All | Submit Your Content

Loss Prevention Media Logo

Stay up-to-date with our free email newsletter

The trusted newsletter for loss prevention professionals, security and retail management. Get the latest news, best practices, technology updates, management tips, career opportunities and more.

No, thank you.

View our privacy policy.