Current cybersecurity strategies and tactics needed to meet today's cyber threats are outlined in CompTIA’s “2021 State of Cybersecurity” report, based on a recent survey of 400 business and IT professionals in the United States.

Cyberattacks top list of company focuses

The cybersecurity issues organizations must consider are complex and numerous. Top of mind for companies are the volume and variety of attacks, cited by 49% and 43% of respondents, respectively. Privacy concerns (40%), greater reliance on data (38%) and quantifying security issues (34%) are other factors companies must account for when developing cybersecurity policies, implementing new practices and making investments.

The next investments in cybersecurity

Zero trust policies are the next consideration for many companies when it comes to cybersecurity. The report acknowledges that shifting to a zero trust policy is likely to be more expensive than other approaches. Among companies surveyed and currently pursuing a zero trust architecture, 75% have found that more investment is required for zero trust than for their previous cybersecurity initiatives.

Processes to implement the cybersecurity policy are the next step. Security monitoring (49%), workforce assessments and education (41%) and threat intelligence (41%) are among the processes most often used today. While most companies focus their monitoring on  traditional cyber threats such as viruses and malware, there is interest in improving knowledge around phishing, ransomware, firmware hacking, IP spoofing and other new types of attacks.

Ransomware threat still looms

With supply chain attacks grabbing recent headlines, ransomware continues to be a powerful threat, with the average cost of remediating a ransomware attack estimated at $1.85 million.

The use of workforce assessments and education is a reminder that the weakest link in cybersecurity continues to be humans. While not every employee requires the same level of cybersecurity knowledge and training, companies are keenly aware that skills must be kept current and relevant. Approximately four out of ten companies feel that they need significant improvement in skill levels.

Complexity also extends to the toolbox of cybersecurity products available to organizations. Antivirus software (54%) and firewalls (52%) remain the most commonly deployed solutions, with both becoming more robust in the protections they provide. Other products that are getting a closer look are password managers (44%), identity and access management tools (43%) and security information and event management solutions (41%).

Read the full 2021 State of Cybersecurity report here.