The only threat more persistent to organizations than cyber
criminals? The cyber security skills crisis.
Nearly 60% of enterprises can’t find the staff
to protect their data (and reputations!) from new and emerging
breeds of cyber-attacks, reports the Information Systems Security
Association (ISSA) in its 5th annual global industry study.
The result? Heavier workloads, unfilled positions, and
burnout.
And technology isn’t easing the burden in many
organizations, especially smaller ones. In fact, it’s making the
problem worse, suggests Cynet’s recent CISO survey[1].
Big Tech Pushes Small Teams to the Limits
Tech stacks normally supercharge cyber security teams, but for
crews of five or fewer they just lead to overwhelm.
For example, it took them an average of 18 months to fully
implement and feel proficient in endpoint detection and response
(EDR) tools — making the technology yet another barrier to cyber
security for the 85% of teams adopting it in
2022.
Survey Results: Top Threat Protection Product Pain Points
- Overlapping capabilities of disparate technologies: 44%
- Being able to see the full picture of an attack: 42%
- Deployment and maintenance of disparate technologies on one machine: 41%
- Lack of forensic information: 40%
- Missing reporting capabilities: 25%
Many of the issues smaller teams face with threat protection
products are largely attributable to the fact that they’re designed
for larger organizations with bigger teams and budgets. Deloitte
estimates the average security spend per employee across companies
of all sizes is $1,300 to $3,000, but the
companies surveyed were spending just $250 per
employee, on average.
Blind Spots Plague Smaller Cyber Security Teams
In an era when even security platforms get hacked (Okta) and a
compromised password can result in ransomware attacks triggering
price surges at the gas pump (Colonial Pipeline), you’d think cyber
security teams would scrutinize every single alert. Not so. Not
among smaller teams.
Despite 58% of smaller companies perceiving
their risk of cyber-attack to be higher compared to larger
organizations, 34% said they ignore alerts that
have already been remediated.
Moreover, 21% indicated that they only look at
critical alerts, up from 14% last year. Again, too
many capabilities and not enough skilled professionals may be to
blame: just 35% said they had a full-time pro
chasing all alerts.
The trend is concerning because these alerts could be signaling
a larger cyber attack.
CISOs’ Game Plan to Close Security Gaps
While CISOs can’t train armies of new cyber security pros, they
can reduce tech overwhelm. This year, the majority reported plans
to consolidate their threat protection technologies; gain greater
visibility into their threat landscape; and let automation do more
of the heavy lifting for their teams.
Want to learn their solution for killing three birds with
one stone?
Unpack key findings from the 2022 Survey of CISOs with Small
Cyber Security Teams in this free webinar[2]. In just 30 minutes,
you’ll discover the top challenges smaller cyber security teams
face in 2022 and how their CISOs plan to overcome them.
References
- [1] Cynet’s recent CISO survey (go.cynet.com)
- [2] free webinar (go.cynet.com)
- [3] Watch the on-demand webinar now. (go.cynet.com)
Read more https://thehackernews.com/2022/08/on-demand-webinar-new-ciso-survey.html