Fortra unveiled the findings from its first-ever 2024 State of Cybersecurity Survey, shedding light on the hurdles faced by security professionals in the past year and their strategic focus areas amidst digital transformation and a complex security landscape.
Hybrid Environments: A Mixed Bag of Risks and Responses
The survey reveals a consensus among organizations on the primary security risks for the next six months: phishing (81%), malware and ransomware (76%), and accidental data loss (63%). These are closely followed by concerns over social engineering (55%) and third-party risks (52%).
In response, security professionals are prioritizing initiatives including countering outsider threats like phishing and malware (74%), identifying and rectifying security gaps (73%), enhancing security culture (66%), securing cloud environments (63%), and ensuring compliance (62%).
Antonio Sanchez, Principal Cybersecurity Evangelist at Fortra, connects these priorities to the rapid shift to cloud computing. “The impacts of this rapid migration – weak policies, poor container security, misconfigurations, and gaping security holes – came home to roost in 2023 and the consequences will still be playing out this year,” he explains.
Sanchez adds, "Improving controls around phishing and malware, along with identifying new attack vectors for hardening, are now top focuses. There’s a recognized direct correlation between enhancing security awareness and bolstering phishing and malware defenses, hence the emphasis on improving security culture."
64% of survey respondents reported operating in a hybrid environment, with 19% adopting a cloud-first approach and 12% being cloud-only. Interestingly, the 6% not planning to move to the cloud cited security concerns (77%) as their primary reason.
Skill Shortages and the Rise of Managed Security Services
Budget constraints (54%), the ever-evolving nature of threats (45%), and a lack of security skills (45%) were identified as the main obstacles in implementing security strategies. Despite the push towards zero-trust principles, a quarter of respondents indicated they aren't planning to implement them due to resource limitations.
Wade Barisoff, Director of Product, Data Protection at Fortra, comments on these challenges: “The skills gap has led to a very transient cybersecurity culture, with analysts required to be experts in multiple domains. This lack of specialized expertise is a significant concern.”
To combat these challenges, 67% of organizations are focusing on upskilling their staff. Moreover, there’s an increasing reliance on managed security services, particularly in areas like email security and anti-phishing (58%), vulnerability management (52%), data protection (51%), and compliance (40%).
Josh Davies, Principal Technical Manager at Fortra, observes, "Burnout is a trend causing skilled professionals to leave or transition into more specialized roles. This puts additional pressure on remaining staff. As a result, we’re seeing a spike in the adoption of managed security services to alleviate some of this operational burden."
Moving Forward
The findings from Fortra’s survey highlight the multifaceted challenges faced by security professionals today. With the focus shifting to improving security cultures, bridging skill gaps, and leveraging managed services, the cybersecurity landscape is poised for significant strategic changes in the coming year.