The cyber skills gap is driving a significant increase in reliance on external managed service providers, according to the Neustar International Security Council (NISC).
89% of security professionals participating in the survey, conducted in March 2022, said their organizations had somewhat (45%) or greatly (44%) increased their reliance on external providers due to the ongoing talent shortage.
Survey participants were most likely to be currently seeking to hire individuals with cloud security skills (64%), followed by network operations skills (55%) and risk management and application development security skills (both 51%), while fewer than three in ten respondents (28%) said they were actively seeking to hire for DevSecOps skills.
The shortage of cybersecurity skills can hinder organizations’ ability to respond to new security challenges, and 85% of survey respondents agreed that accelerating digitalization was creating a more difficult security environment for their organizations. And although 92% acknowledged that implementing a digital initiative without fully understanding or addressing potential security challenges is a mistake, 56% said their organization had rushed to implement a digital initiative anyway.
The survey did reveal one surprise. “Considering that both the enterprise technology environment and the general threat landscape are changing so rapidly, we did not expect such a large majority of respondents — 86% — to state that they understood the security risks to their organization as well as they did two years ago,” said Carlos Morales, SVP of solutions at Neustar Security Services.
“Whether the past few years have presented as an acceleration of existing trends or a systemic, foundational shift, security and IT organizations feel they have what they need to maintain active awareness of their risk exposure and emerging threats – thanks in part to an increased reliance on the trusted external partners protecting their infrastructure, data and people.”
When asked about their other top concerns during the reporting period of January and February 2022, the surveyed security professionals classified DDoS attacks as their greatest concern (ranked highest by 22% of respondents), followed by system compromise (20%) and ransomware (17%).
Ransomware, DDoS attacks and generalized phishing were the threats most likely to be perceived as increasing during the reporting period. During this period, organizations focused their ability to respond most on vendor or customer impersonation, targeted hacking, and ransomware.
Of the enterprises surveyed in March, 84% reported having been on the receiving end of a DDoS attack at some point. 56% reported outsourcing their DDoS mitigation, and 60% said it typically took between 60 seconds and 5 minutes to initiate mitigation, in line with previous reporting periods.