SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Report: Cybersecurity pressures on the rise - but there is a solution
Mon, 6th Aug 2018
FYI, this story is more than a year old

In our increasingly digital world, every advance we make is often accompanied by a new avenue for cybercrime.

This has made way for a lucrative cybersecurity industry with an insatiable appetite for new recruits, presenting great opportunities for security professionals – but also great responsibility.

Hence why Trustwave conducted its comprehensive 2018 Security Pressures report of 1,600 in-house cybersecurity professionals around the world to determine how much stress they are actually under and whether it is on the rise.

The short answers? A lot and yes.

The annual report found that the majority of respondents (54 percent) experienced more security pressures than the year before – the fifth consecutive year pressures have increased.

Trustwave managed security vice president  (APAC) Sam Julien says he doesn't expect this to be changing anytime soon.

“As long as cybercrime remains a massively profitable industry, it will, just like legitimate industries, continue to evolve through adaptation and innovation," says Julien.

In terms of greatest concerns at the operational level, advanced security threats like sophisticated malware and zero-day vulnerabilities topped the list with 26 percent, followed by lack of budget with 17 percent, and lack of skilled security expertise at 16 percent.

Breaking it down to the most pressure-inducing security threats, phishing attacks were the decisive riser after increasing from eight percent to 13 percent in line with the increased sophistication of social engineering attacks.

However, preventing malware (including ransomware) retained its position as the top inducer of stress with 22 percent, following by identifying vulnerabilities at 17 percent.

And so the question arises, within the organisations who are applying the most pressure? 39 percent of respondents assert it's coming from C-level executives, board members and business owners, while 27 percent say it's from direct managers.

However, it's not all doom and gloom. Despite feeling more pressure, 54 percent of respondents say they're actually more confident than they were five years ago in their ability to secure their organisation. Furthermore, 42 percent (an eight percent rise from the year before) felt less pressure to roll out projects before security concerns were addressed.

And finally, organisations are acting on these burdens as one of the fastest growing responses to swelling security pressures is the increased adoption of managed security models that offer a host of technology solutions and expertise on demand.

33 percent of respondents are already partnered with a managed security services provider (MSSP), while a further 45 percent plan to in the future. The top three reasons for taking this path are skill shortages with 31 percent, deploying and operating hard to use security technologies at 30 percent, and assisting with security automation at 28 percent.

“As this year's report depicts, it's this continuous advancement of the threat landscape, coupled with internal resource constraints, that's racketing up the pressure for those charged with securing assets,” says Julien.

“But it is encouraging that findings also suggest organisations are shifting away from treating security as an afterthought to focus on practices such as secure code development, frequent security testing, and bolstering internal capabilities through managed service models to ease pressure.

It is certainly promising to see that more businesses are latching onto the MSSP model as it can (as long as it's with the right provider) greatly enhance internal security teams who are most likely already time and resource depleted.

Now more than ever it's vital for security teams to fight fire with fire.

The full 2018 Security Pressures Report from Trustwave includes:

  • Which security threats are turning up the heat
  • Your biggest worries following an attack or breach
  • Which compliance mandates have you on edge
  • Two areas where you have pushed back against the pressure
  • Your biggest security wishes for the year ahead