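ISACA "State of Cybersecurity 2021" Survey Report
ISACA (Information Systems Audit and Control Association) and HCL Technologies jointly released <State of Cybersecurity 2021, Part 2: Threat Landscape, Security Operations and Cybersecurity Maturity>.
The report is based on a survey of 3,659 respondents worldwide.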
1. The number of cyberattacks has increased: 35% of respondents reported more cyberattacks than in the previous year
14% Social engineering
10% Advanced persistent threat (APT)
9% Ransomware
9% Unpatched system
8% Denial of service (DoS)
2. Top concerns about cyberattacks
78% Organization reputation
69% Data breaches resulting in customer physical or financial harm
49% Cyberattack on supply chain or business disruption
32% Loss of proprietary trade secrets
29% Your professional reputation
28% Organization stock price/financial performance
24% Organization job security
20% Your personal job security
3% Other (please specify)
3. Cybersecurity assessments are valued, but challenges remain
30% Challenge of integrating risk with maturity, and keeping up with industry threats, trends, etc.
29% Hard to communicate concept of maturity vs. compliance to management
27% Ensuring your organization has the expertise needed to understand and assess maturity
24% Lack a common scale/definition across organization
21% Difficult to scale
21% Validating assurance that practices are in place
20% Difficult to track/communicate progress
19% Choosing a framework or standard to follow
17% Don't know the appropriate maturity goals/targets
16% None of the above
11% Maturity assessments will uncover too many problems
3% Other (please specify)