CompTIA Newsroom

 

CompTIA Press Releases

Stronger Metrics and Skills Needed to Combat Growing Complexity of Cybersecurity Universe, New CompTIA Report Asserts

Oct 3, 2018

Downers Grove, Ill. – A greater reliance on metrics to measure success combined with enhancing skills across security teams can help organizations boost their cybersecurity effectiveness, according to a new report from CompTIA, the world’s leading technology association.

2018 Trends in Cybersecurity: Building Effective Security Teams” explores what organizations are doing to secure data and handle privacy concerns in an environment that has grown in complexity. Specifically, the report looks at the ways that companies are forming teams around security, using both internal resources and external partnering. Four hundred U.S-based business participated in the survey.

The use of security metrics to measure success and inform investment decisions is an area that’s taking on greater importance, according to the report.

“Though just one in five organizations makes heavy use of metrics within their security function, a full 50 percent of firms are moderate users of these measurements,” said Seth Robinson, senior director for technology analysis at CompTIA.

“The use of metrics in the cybersecurity realm provides an excellent opportunity to bring together many parts of the business,” he continued. “From the board level through layers of management down to the people executing security activities, all have a vested interest in setting the proper metrics and reviewing progress against goals.”

Robinson advised that the most important guideline for establishing security metrics is to make sure that all aspects of security are covered. This should include:

  • Technical metrics, such as the percent of network traffic flagged as anomalous.
  • Compliance metrics, such as the number of successful audits.
  • Workforce metrics, such as the percentage of employees completing security training.
  • Partner metrics, such as the number of external agreements with security language.

Upskilling Security Teams

The use of security metrics and the formation of security teams should be viewed as complementary activities, though for many organizations some upskilling will be necessary.

"Foundational skills such as network security, endpoint security and threat awareness still form the bedrock of a strong team,” Robinson said. “But as the cloud and mobility have become ingrained into IT operations, other skills have taken on equal or greater importance.”

In the CompTIA report organizations said improvement is needed across a broad set of skills, led by vulnerability assessment, knowledge of threats, compliance and operational security, access control and identity, and incident detection and response.

To close their skills gaps companies are primarily looking to train current employees or expand their use of third-party security expertise. New headcount and new partnerships are secondary considerations. Industry certifications may also play a role.

When it comes to the use of external resources, 78 percent of companies rely on outside partners for some or all of their security needs. Many firms rely on more than one partner, another indicator of the complexity of cybersecurity.

Just over half of firms surveyed (51 percent) use a general IT solution provider; while 38 percent use a general security firm, one that might manage both physical and IT security. About 35 percent of companies are engaged with a focused IT security firm, such as a managed security services provider; and 29 percent use a firm that provides technical business services, such as digital marketing or content management.

The CompTIA report “2018 Trends in Cybersecurity: Building Effective Security Teams” is available free of charge at https://www.comptia.org/resources/cybersecurity-trends-research.

About CompTIA
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $4.8 trillion global information technology ecosystem; and the more than 35 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. Visit www.comptia.org to learn more.

Contact:
Steven Ostrowski
CompTIA
630-678-8468
[email protected]

 

View all Press Releases

Media Resource Center

Media Contact

Steve Ostrowski

Senior Director, Corporate Communications
(630) 678 - 8468
[email protected]

Public Sector Media Contact

Roger Hughlett

Director, Corporate Communications
(202) 503 - 3644
[email protected]


Follow Us

Follow us on social media to keep up to date on CompTIA.


Media Library

Download CompTIA logos and assets from our press releases to use in your article or write-up.

Access Now
Media Resources
Press Releases
Subscribe to CompTIA News
CompTIA in the news
Media Library

CompTIA Meetings & Events

CompTIA Year End Planning Meeting (YEPM) 2024 - By Invitation

Scottsdale, Arizona
December 9 - 11, 2024

CompTIA Monthly Solution Provider Member Onboarding - December

Online
Tuesday, December 10 at 11am CT

CompTIA Community December Company Member Meetup

Online
Thursday, December 12, 2024 at 10 AM (CST)/4 PM (GMT)

View all CompTIA Meetings & Events

Fast Facts

  • $2 trillion – Estimated direct economic impact of the U.S. tech industry, representing 8.8% of the national economy.

  • 582,000 – Number of tech business establishments in the U.S.

  • 9.1 million – U.S. net tech employment at the end of 2022.

  • 286,400 – Estimated number of new technology jobs added in the U.S. in 2022.

  • 4.1 million – Number of postings by U.S. employers for tech job openings during 2022.