There is certainly a dearth of good news these days when you consider the state of cyberthreats around the world. Successful attacks continue unabated while the security talent gap continues to widen. Throw the deluge of security data, difficulty of securing containers, and other obstacles into the mix and you get mighty headwinds for IT security teams to struggle against.
Yet, despite the dire findings in the sixth annual Cyberthreat Defense Report from CyberEdge Group, you can also find reasons for optimism in 2019. From current and future investment plans to security practices and strategies, IT security decision makers and practitioners across 17 countries and 19 industries share their perceptions about how they plan to improve their security posture and which technologies they see as essential weapons against cyberthreats.
First, the bad news
After dipping slightly in 2017, the percentage of organizations affected by a successful cyberattack ticked upward last year. Nearly four in five organizations (78.0%) were victims of at least one successful cyberattack in 2018, compared to 77.2% in 2017. Likewise, the portion of respondents reporting more than 10 successful attacks grew from 9.0% in 2017 to 9.4% in 2018.
The survey also looked at the biggest headaches and obstacles with which IT security professionals are struggling, including:
- Data tsunamis: Having “too much data to analyze” has been a top-three inhibitor to establishing effective cyberthreat defenses for all six years of the survey. In 2018, it finally claimed the top spot.
- Talent shortage: Coming in at number two in terms of obstacles is the talent gap, with 84% of organizations experiencing a shortage of IT security talent, up from 81% in 2017. In fact, the talent shortage has been one of the top three overall inhibitors to IT’s success in the fight against cyberthreats in each of the past three years.
- Cyberthreat concerns: Malware retains its top spot on the list of cyberthreats causing the greatest concern, followed closely by ransomware and phishing. While malware was responsible for some of the largest data breaches on record in 2018, the percentage of organizations victimized by ransomware edged up in 2018, from 55.1% to 56.1%.
- Hard-to-secure technology: Newer technology components such as application containers where cyberthreats are still emerging are more challenging to secure. Devices that infrequently connect to the corporate network also create hurdles for security teams. Survey respondents ranked containers, mobile devices, laptops and notebooks, and operational technology as most difficult to secure.
Now, the good news
IT security budgets are expected to increase in 2019 for 84% of survey respondents. In fact, security budgets for 2019 set a record for the highest single-year increase (4.9%) in the annual survey’s six-year history. For those in the U.S., IT security budgets on average are rising by 5.1%, slightly higher than the global mean.
To get a handle on the data deluge and make better use of the robust set of security data being generated, organizations are investing heavily in security analytics. In fact, advanced security analytics top the survey’s most wanted list for 2019 for all technologies in the report.
Survey respondents also see the powerful benefits of rapidly maturing machine learning and artificial intelligence technologies. A whopping 81% of respondents believe these technologies are materially helping to defeat advanced cyberthreats. Rounding out the top technologies for 2019 investment are user and entity behavior analytics (UEBA), full-packet capture and analysis, and threat intelligence services.
To help address the security talent shortfall, organizations are turning to automation solutions such as security orchestration, automation and response (SOAR) to boost efficiency and productivity of existing staff while relying on managed security service providers (MSSPs) to pick up part of the workload. The survey shows nine out of ten respondents’ organizations are engaging outside assistance in the form of seasoned consulting firms and/or MSSPs.
There’s more to learn
The full 50-page Cyberthreat Defense Report contains valuable data, analyses, and findings that can be used by IT security teams to shape answers to important questions such as:
- Does our organization have gaps in cyberthreat defense compared to others?
- Are we staying on track with our cybersecurity strategy and practices?
- Which cybersecurity investments should we be making?
- Are we optimally deploying security technologies to mitigate cyberthreat risks?
Thanks to platinum sponsor DXC Technology and its partner Micro Focus, you can download a complimentary copy of the full Cyberthreat Defense Report or get an executive summary and infographic.