New survey highlights the good and bad of cyber security’s global outlook

good-and-bad-of-cyber-security

The news these days is not good when you consider the state of cyber security around the world. Successful cyber attacks continue unabated while the security talent gap continues to widen. Throw into the mix a deluge of security data, difficulty securing containers, and other obstacles and you get mighty headwinds for IT security teams in 2019.

A new survey confirms these pain points but also includes some reasons for optimism. The sixth annual Cyberthreat Defense Report from CyberEdge Group includes the perspectives of IT security decision makers and practitioners across 17 countries and 19 industries to improve their security posture and which technologies they see as essential weapons against cyberthreats.

DXC Technology and our partner Micro Focus helped sponsor this year’s report, which serves as a guide for organizations to identify gaps in cyber attack defense, plan investments and deploy security technologies to mitigate cyberthreat risks.

The bad news: Cyberattacks on the rise

One key point I noted is that, after dipping slightly in 2017, the percentage of organizations affected by a successful cyberattack ticked upward last year. Nearly four in five organizations (78.0%) were victims of at least one successful cyberattack in 2018, compared to 77.2% in 2017. Likewise, the portion of respondents reporting more than 10 successful attacks grew from 9.0% in 2017 to 9.4% in 2018.

The survey also looked at the obstacles with which IT security professionals are struggling, including:

  • Data tsunamis: Having “too much data to analyze” has been a top-three inhibitor to establishing effective cyberthreat defenses for all six years of the survey. In 2018, it finally claimed the top spot.
  • Talent shortage: Coming in at number two in terms of obstacles is the talent gap, with 84% of organizations experiencing a shortage of IT security talent, up from 81% in 2017. In fact, the talent shortage has been one of the top three overall inhibitors to IT’s success in the fight against cyberthreats in each of the past three years.
  • Cyberthreat concerns: Malware retains its top spot on the list of cyberthreats causing the greatest concern, followed closely by ransomware and phishing. While malware was responsible for some of the largest data breaches on record in 2018, the percentage of organizations victimized by ransomware edged up in 2018, from 55.1% to 56.1%.
  • Hard-to-secure technology: Newer technology components such as application containers where cyberthreats are still emerging are more challenging to secure. Devices that infrequently connect to the corporate network also create hurdles for security teams. Survey respondents ranked containers, mobile devices, laptops and notebooks, and operational technology as most difficult to secure.

 The good news: IT security budgets increasing

Fortunately, IT security budgets are expected to increase in 2019 for 84% of survey respondents. In fact, respondents’ 2019 security budgets set a record for the highest single-year increase (4.9%) in the annual survey’s six-year history. For those in the U.S., IT security budgets are rising by an average of 5.1%, slightly higher than the global mean.

I’ve heard from a number of organizations that are placing top priority on making better use of the security data they’re generating. And, according to the survey, organizations are now investing heavily in security analytics. In fact, advanced security analytics tops the survey’s list of the top technologies for 2019.

Rapidly maturing machine learning and artificial intelligence technologies are also key enablers for improving security operations. A whopping 81% of respondents believe these technologies are materially helping organizations defeat advanced cyberthreats. Rounding out the top technologies for 2019 investment are user and entity behavior analytics (UEBA), full-packet capture and analysis, and threat intelligence services.

To help address the security talent shortfall, organizations are turning to automation solutions such as security orchestration, automation and response (SOAR) to boost efficiency and productivity of existing staff while relying on managed security service providers (MSSPs) to pick up part of the workload. The survey shows nine out of ten respondents’ organizations are engaging outside assistance in the form of seasoned consulting firms and/or managed security services (MSS) providers.

Yes, we should be bracing for attacks of greater frequency and sophistication in 2019, but we have the opportunity to tap into new technologies and resources to stay ahead of the cybercriminals.


Simon Arnell is security chief technologist, Office of the CTO, at DXC Technology. He has a background in applied security research and development, and in running client proofs of concept. Previously, Simon led the commercialization of the DXC DNS monitoring service and pioneered the use of software-defined networks for rapid incident response, as well as the application of stochastic process modeling and simulation for strategic security-policy decision support.

Comments

  1. Jonathan Sproule says:

    Thanks for the blog. Plenty of opportunities ahead. Exciting times.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: