Cybercrime underreported says ISACA 2019 report on cybersecurity trends

The Information Systems Audit and Control Association, a global network of over 460,000 IT professionals, produces an annual “State of Cybersecurity” report that tracks cybersecurity trends and emerging threats. Part two of the 2019 study has interesting revelations, the biggest of which is the apparent scope of underreporting of cybercrime.

ISACA surveys 1,576 cybersecurity professionals in decision-making positions in their organizations. Respondents are with organizations ranging in size from enterprise to small-to-medium.

The headliner of the most recent report is the underreporting of cybercrime around the globe, which appears to have become normalized. About half of the respondents indicated that they feel that most enterprises do not report all the cybercrime that they experience, including incidents that they are legally obligated to disclose.

This is taking place in a cybersecurity landscape where just under half of the respondents said that cyberattacks had increased in the previous year, and nearly 80% expect to have to contend with a cyberattack on their organization next year. And only a third of the cybersecurity leaders reported “high” confidence in the ability of their teams to detect and respond to such an attack.

ISACA 2019 attack trends

The ISACA report identified the top threats as coming from cybercrime groups and hackers, which one would expect. The third-greatest threat is from nonmalicious internal employees; that is to say, Bob in accounting who unwittingly clicks on a phishing email link and opens the entire network up to attackers.

The leading types of attacks are no surprise, either: phishing, malware, and social engineering. Despite a seeming resurgence in early 2019, the cybersecurity trends survey reports that ransomware is down significantly—only 20% of respondents experienced such an attack this year, down from 37% in 2018.

To read more: CPO magazine

Assess your systems and manage your cybersecurity risk

As technology changes, every credit union faces new security issues. Let Credit Union Resources help you stay on top of it—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us.

Credit Union Resources has added LEO Cyber Security to its IT consulting services. LEO provides deep experience and operational knowledge to combat cybersecurity gaps.

To evaluate credit union resiliency, NCUA and state auditors are evaluating cybersecurity programs rather than tools such as antivirus and firewalls. To address this change, LEO developed a solution for credit unions of all sizes with:

• Continuous monitoring (as a service): LEO Security’s operations platform provides visibility for its threat analysts, who monitor IT environments for attacks or policy violations.
• Incident response (IR): LEO assists in updating IR procedures and performing annual tabletop simulations, which take stakeholders through fictitious incidents, training them for their roles and responsibilities.

Let us help you with your cybersecurity needs. Contact us today.

About LEO
LEO is a seasoned team of cyber trailblazers and creative practitioners who have the deep experience and operational knowledge to combat the cyber skills gap. Through creative solutions, LEO helps customers build and manage security programs. Learn more at leocybersecurity.com.

About Credit Union Resources, Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a part of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas. Learn more at curesources.coop.