Report: The State of Cybersecurity in Florida

Just recently The Florida Center for Cybersecurity released their 2017 report, The State of Cybersecurity in Florida.

So what IS The Florida Center for Cybersecurity?  It’s a statewide agency located at USF in Tampa that works with all State University System of Florida institutions, industry, the military, government, and the community to build Florida’s cybersecurity workforce.

The report is the first they’ve done.  It looks at the cyber threat environment, workforce supply and demand, education and training opportunities, and research initiatives within the State of Florida.

In particular, here are some of its findings (and my comments):
In regards to the talent shortage:

  • 68% of organizations surveyed report cyber staffing challenges.
  • Compensation for mid- and junior-level positions in Florida is $5,000 to $10,000 per position higher than the national average.
Ok.  But *why* are orgs having a problem finding talent?  Don’t just assume it’s due to lack of talent.  It could be that companies job postings are bad, what they look for is unrealistic, or the orgs have a bad rep.  And I have a problem with the claim that compensation is *higher* then average.  I’m seeing posting where companies are offering below average compensation.  Again, MAYBE in some areas (like maybe Tampa) this is true, but not in other areas.

Even reading further in the report, its not clear the authors know what the average is that people should be paid.

Next, there is an overview of the threats facing Florida businesses:

  • Reports of corporate data breaches in Florida rose 17.8% between 2015 and 2016
  • 41% of organizations surveyed report having suffered a breach
  • Only 32% of organizations surveyed are confident they are prepared for a cyberattack

A look at the steps organizations are taking to mitigate these threats:

80% of organizations surveyed require all personnel to complete security training
87% of organizations surveyed technologically enforce strong passwords
More than 85% of organizations surveyed have disaster recovery and business continuity plans (though only 32% regularly test those plans)

Sadly, this doesn’t surprise me.  Employee security training is just security awareness training.  But how good or effect is it?  Again, how good are those BC/DR plans?  Since only a third test them, who knows?  Scary when you consider we have to worry about hurricanes, and we had Irma last year go thru the whole state.

I hope this will be an annual report.  I would like to see a larger group providing information, tho it seems this one was pretty diverse in terms of location and industry.

Check it our yourself.

*** This is a Security Bloggers Network syndicated blog from Michael on Security authored by Michael R. Brown. Read the original post at: