While most cybersecurity professionals continue to profess they are moderately to highly confident in the overall security posture of their organization growing concerns about phishing and ransomware attacks appears to be taking its toll.
A new survey of 400 cybersecurity professionals participating in the Information Security Community on LinkedIn published this week by Crowd Research Partners finds that 79 percent of the respondents are either moderately to highly confident in their organization's security posture. But the majority of the respondents (42%) identified themselves as only being moderately confident. Sapping that confidence appears to be growing concerns about threats such as ransomware (48%), phishing attacks (48%) and data exfiltration/data loss (47%). The survey finds that at the root of those concerns are challenges when it comes to being able to actually detect threats (62%), even though over 90 percent of the respondents had invested in a cyberthreat intelligence platform.62% of #cybersecurity pros are concerned about being able to detect threats, even though over 90% of them have invested in a cyberthreat intelligence platform.Click To Tweet
The biggest obstacles cited by IT security professionals, however, are not changing. Lack of budget (51%), lack of skilled personnel (49%), and lack of security awareness (49%) are again identified as the most pressing issues. Only 36 percent said their organizations would be increasing their IT security budgets in the next 12 months. But only 10 percent said the IT security budget would decline.
Despite those issues, however, over two-thirds say they can detect and respond to a security threat in under 24 hours. A total of 29 percent said it takes their organizations only a few minutes to hours to recover from an attack, while another 36 percent put that time in the range of somewhere less than a week. Nevertheless, just under a third (32%) say they expect their organizations will be compromised by a cybersecurity attack in the next 12 months.
In short, most cybersecurity professionals these days are becoming increasingly conflicted. Confidence in cybersecurity defenses is relatively high. The issue is that phishing and ransomware attacks essentially bypass those defenses by tricking end-users into downloading malware on to an endpoint in a way that essentially bypasses those defenses. The only real defense is to continually backup data to make sure pristine copies of critical data are always available. How long that malware lies dormant on an endpoint or when it might start attempting to encrypt or steal data is anybody’s guess. It’s that level of uncertainty that starts to gnaw at the confidence of the average cybersecurity professional.IT organizations may have to accept a certain amount of fatalism when it comes cybersecurity.Click To Tweet
Beyond continually educating end users about how to detect phishing scams there’s not much cybersecurity professionals can do beyond shoring up their ability to detect and then contain a malware infestation. The assumption they need to make is that cybercriminals have already employed a phishing attack to do an end run around their perimeters. That doesn’t mean cybersecurity teams should give up defending the perimeter. But it does mean barring any major advances in threat detection employing, for example, machine learning algorithms, IT organizations will now have to accept a certain amount of fatalism when it comes cybersecurity. Naturally, that’s going to be tough for many IT cybersecurity professionals to accept. But the alternative to the detriment of their organizations is for cybersecurity professionals to drive themselves well beyond the point of distraction.
Mike Vizard berichtet seit mehr als 25 Jahren über Themen aus dem IT-Bereich und hat eine Reihe von Publikationen im Bereich Technologie herausgegeben oder zu diesen beigetragen – darunter InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet und Digital Review. Derzeit bloggt er für IT Business Edge und wirkt bei CIOinsight, The Channel Insider, Programmableweb und Slashdot mit. Mike bloggt außerdem über aufkommende Cloud-Technologie für SmarterMSP.