Arctic Wolf published a report, providing insight into the current and future state of cybersecurity teams as they attempt to move their security programs forward while dealing with an ever-evolving threat environment.
The report is based on findings from a recent global survey of more than 300 global security leaders. The research findings show that a multitude of perennial security challenges continue to hamper organizations in accomplishing their security objectives in 2022.
Persistent weaknesses trump novel attack methods as top security concerns
Ongoing security concerns such as ransomware, phishing and vulnerabilities don’t just monopolize headlines, they’re taking up security professionals’ headspace, too. Incessant threats from attackers with far more resources feels like a lost cause. Shifting security strategies to operationalize resources, optimize talent and weaponize defenses is the way forward to deterring attackers and minimizing risk.
- 70% of new customers surveyed are found to have existing latent threats when they are onboarded
- 81% of respondents rated vulnerabilities and unknown misconfigurations as the biggest security concerns within their environments
- 50% of organizations say their security budget in 2022 is lacking in a way that will not let them achieve their security objectives, and
- 30% of organizations with cyber insurance who were surveyed say their policy costs went up or were cancelled outright in 2021, while 35% of organizations currently operate without any form of cyber insurance.
The Great Resignation widens the cybersecurity skills gap
Finding, training, and retaining cybersecurity talent has long been a challenge for most organizations, but as 2021 saw the rise of the Great Resignation across many industries, IT and security leaders continued to face significant hiring hurdles.
- 84% of organizations surveyed state they have not been able to fulfill their target headcounts regarding security staff
- 76% of respondents say that their primary obstacle for achieving their cybersecurity objectives is either the struggle to hire staff or the lack of expertise within current staff, and
- 44% of those surveyed do not have any staff members assigned to security as their fulltime or primary function.
Cloud adoption is outpacing cloud security
With 99% of organizations now using one form of public or private cloud, the rate of cloud adoption is quickly exceeding the internal capabilities of organizations to secure their cloud environments even when adopting shared responsibility models.
- 47% of all incidents investigated include at least one cloud component
- Only 19% of organizations surveyedare using cloud security posture management (CSPM) as a way of securing their cloud resources, and
- Of the organizations surveyed that lack CSPSM capabilities, only 22% currently have plans in place to add it to their security program.
“In a time of rapidly advancing technologies, emerging threats and adversary groups, and a growing attack landscape dominating news headlines, it is executing on security fundamentals and dealing with perennial threats that continue to be top of mind for IT and security leaders looking to better secure their organizations,” said Ian McShane, Field CTO, Arctic Wolf.
“Companies that can rely on a mature security operations practice in 2022 will find themselves more secure, more resilient, and better able to adapt to the multitude of internal and external risk factors.”