IT security teams challenges fueled by record-setting cyberattacks
IT security teams faced unprecedented challenges last year fueled by dramatically expanded work-from-home (WFH) programs, increased bring-your-own-device (BYOD) policy adoptions, and rising internal and third-party risks stemming from the COVID-19 pandemic, CyberEdge Group reveals.
Fallout included:
- Record-setting successful attacks. 86% of organizations experienced a successful attack, up from 81% the prior year, the largest year-over-year increase in six years.
- Record-setting ransomware attacks. 69% of organizations were victimized by ransomware, up from 62% the prior year. 57% of victims paid a ransom. Of those who paid, 28% failed to recover their data.
- Record-setting personnel shortages. 87% of organizations are experiencing a shortfall in skilled IT security personnel, up from 85% the prior year. IT security architects and engineers are in highest demand.
Rise in cloud-based security solutions
The percentage of IT security applications and services delivered via the cloud jumped from 36% to 41% in just one year. This supports key findings from previos CyberEdge research where we learned that 75% of IT security professionals had increased their preference for cloud-based security solutions.
In this study, we also learned that remote workforces increased by 114% and BYOD policy adoptions increased by 59% during the pandemic. So, it’s no surprise that many IT security teams are shifting their security infrastructure investments from traditional, on-premises offerings to modern, cloud-based solutions.
“The challenges faced by IT security professionals throughout the pandemic have been overwhelming,” says Steve Piper, CEO of CyberEdge Group. “Within the last 12 months, security teams have had to provide connectivity for a remote workforce that has more than doubled while mitigating risks associated with unmanaged, employee-owned devices. It’s no wonder we’re witnessing record-setting data breaches, ransomware attacks, and internal and third-party security risks.”
Additional key findings
The report yielded dozens of insights into the challenges IT security teams faced last year and the challenges they’ll likely continue to face for the rest of this year. Key findings include:
Slowing security spending. The average security budget will grow in 2021, but at a slower rate than a year ago (from 5% to 4% growth). For the first time in CDR history, the percentage of organizations with rising security budgets has declined.
Hottest security tech for 2021. Among the most sought-after security technologies in 2021 are next-generation firewalls (network security), deception technology (endpoint security), bot management (app and data security), threat intelligence platforms (security management and operations), and biometrics (identity and access management).
Embracing emerging technologies. The vast majority of organizations have embraced emerging security technologies such as SD-WAN (82%), zero trust network architectures (75%), and security access service edge (SASE) (74%).
This year’s weakest links. Mobile devices, IoT devices, and industrial control systems/supervisory control and data acquisition (ICS/SCADA) devices top this year’s list of IT components most challenging to secure.
Decryption woes. 88% of organizations face challenges with decrypting Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic for inspection by network security tools. Failing to inspect encrypted web traffic elevates risks of cyberattacks and potential data exfiltration.
Training and specialty certifications in demand. 99% of research participants agreed that achieving an IT security specialty certification would boost their careers. Cloud security topped the list of eight specialty certifications in highest demand.
Integrating app and data security. “Simplified security monitoring” and “improved customer support experience” are cited as the top benefits achieved by integrating application and data security into the same platform.
Underinvesting in human vigilance. “Low security awareness among employees” tops this year’s list of IT security team inhibitors for successfully defending against attacks.
Reaping the benefits of DevSecOps. 93% of responding organizations are already realizing the benefits of DevSecOps practices. “Increased speed of deploying application updates” is the most-notable benefit achieved.