The report calls on companies to adopt proactive measures to identify weak links before they are exploited; broaden the security skills of their technology professionals; and implement top to bottom security training throughout the organization.
"Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated," said Seth Robinson, senior director, technology analysis, CompTIA. "But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them."
One of the challenges for organizations is that they tend to place the greatest emphasis on the cyber threats they understand the best. Malware and viruses, two of the oldest forms of cyberattacks, typically get the most attention.
"While we certainly need to remain vigilant about these threats, many other forms of attack have emerged that can carry disastrous consequences," Robinson said.
The majority of companies In the CompTIA study expressed only mild concern that they would be the target of ransomware, a dedicated denial of service, social engineering, Internet of Things-based attacks, or SQL injections.
"While many companies have moved in the direction of cloud computing, mobile devices and other new technologies, it's clear that a large number have failed to fully consider the corresponding security implications," Robinson noted. "Gaining an appreciation and understanding of the many threats in play today is the first step in threat management."