Only a fifth (21 percent) of cybersecurity professionals in a recent survey indicate they are not at all, or only slightly, confident in their organization’s security posture.
When asked about the top challenges facing their cybersecurity teams, respondents cited detection of advanced threats (62 percent) and detection and/or mitigation of insider threats (48 percent) as the two top security challenges. Furthermore, 41 percent lacked advanced security staff to oversee cyber-threat management and nearly a third (27 percent) lacked confidence in their automation tools catching all cyber threats.
“Advanced cyber threats present the most arduous task for cybersecurity professionals, and the survey results bear this out,” said Oliver Pinson-Roxburgh, EMEA director at Alert Logic. “Cyber attacks are increasingly difficult to detect, as the security threats presented by malicious actors become increasingly bold and sophisticated, particularly when attacking web applications.”
Lack of budget (51 percent), skilled personnel (49 percent) and lack of security awareness amongst employees (49 percent) weighed in as the most significant obstacles facing cybersecurity teams, inhibiting their organisations from adequately defending against cyber threats. In addition, when asked about the business impact of security incidents, system downtime was highlighted as having the biggest impact. Interestingly, revenue impact was only cited as a relatively minor factor (16 percent), suggesting that either security teams have evolved their maturity to effectively manage risk or lack full visibility into the downstream business impact of security incidents.
Respondents were asked about the likelihood of their organisation being compromised by a successful cyber attack in the next 12 months, compared to last year. Here, the survey found a remarkably even distribution of expectations. Roughly one third (32 percent) expected that a compromise was likely, while a slightly smaller number (29 percent) felt that a compromise was less likely.
“Lack of cybersecurity awareness and budget create a strain on an organisation’s ability to combat advanced cyber threats,” said Pinson-Roxburgh. “Organisations must foster an inclusive security culture, and consider security service models if they don’t have the budget for in-house expert security staff; otherwise organisations will continue to expose their IT infrastructure and their sensitive data to risks.”