Half of global IT leaders said they are not “fully confident” in their ability to respond to data, malware phishing, supply chain, ransomware, cloud, Internet of Things and application attacks, according to a new global survey conducted by Rackspace Technology. Moreover, when asked about their attack response capabilities, fewer than half (45 percent) of respondents said they can effectively respond to incidents, mitigate threats (43 percent) or understand the nature of the threats they are facing (42 percent).
The survey of 1,420 IT professionals also found widespread uncertainty that organizations possess the talent and skills to meet cybersecurity challenges, with 86 percent of respondents saying their organizations lack the necessary skills and expertise to respond to a growing array of threats.
“Though most respondents to our survey said they are ‘prepared’ for cyber-attacks, there is a high degree of anxiety about their ability to effectively confront adversaries who are increasingly sophisticated,” said Jeff DeVerter, chief evangelist at Rackspace Technology. “Moreover, the expanding use of the cloud, IoT and applications, as well as a tight talent market and an increase in remote work—largely driven by the pandemic—have made the security environment much more challenging. Few organizations actually have the people, processes and technologies that match a modern cybersecurity model.”
IT Trends Driving Cyber Complexity
The ubiquity of the cloud, DevOps methodologies (a set of practices that combines software development and IT operations) and the condensing of development cycles, coupled with other IT trends, have made addressing cyberthreats an increasingly complex task, the report claimed. Half of the survey respondents (49 percent) cite the growth in cloud and IoT as key challenges, followed by new threats and attack methods (46 percent) and the growth in data volumes, digital operations, and remote work (45 percent), which has resulted in increased opportunities for attackers.
Forty-eight percent of respondents said their ability to manage application security in a more complex environment is influenced by new ways of working, including DevOps and Agile development practices. Other dynamics include faster release/delivery cycles (46 percent), the growth in microservice application architectures (46 percent), hybrid/multicloud environments (46 percent) and container runtime environments (44 percent).
When asked about the nature and targets of the cyberattacks they are most concerned about, network/platform attacks (58 percent) lead the way, followed by web application attacks (52 percent) and network operating system attacks (51 percent). Half (50 percent) are concerned about Advanced Persistent Threats, while 47 percent involve stolen credentials and 41 percent are concerned about unauthorized exposure to data.
Talent and Staffing Pain Points
More than half (52 percent) of survey respondents said they have difficulty recruiting and retaining cybersecurity talent, with the greatest skill gaps in the areas of cloud security (33 percent) and network security (30 percent), which respondents also identified as their most critical roles. Across the business, IT leaders cite lack of expertise (86 percent), lack of resources (81 percent), lack of time (70 percent) and lack of training information (63 percent) as their most pressing cybersecurity and compliance challenges.
Cloud, data, app, network and identity access are most frequently handled by in-house staff while nearly half (49 percent) outsource integrated risk security and (43 percent) task external partners to assist with network security.
“Organizations struggling with expertise, resources and time are still reluctant about enlisting external help,” DeVerter said. “Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch.”