Sunday, January 29, 2023

Cybersecurity budgets are not aligned with cybersecurity challenges

A new study finds that due to the growing threat surface from hybrid work and third-party vendors, only half of organizations have the budget to meet current cybersecurity needs.

With the tech sector downsizing, led by headline names such as Amazon, Microsoft, Meta, Google, Salesforce, Coinbase, Crypto.com, Lyft, Netflix, Intel and many more, companies face 2023 with a thin pool of security experts and tighter budgets.

Results of a bimonthly online poll of security professionals in EMEA and the US by the Neustar International Security Council suggest that few organizations believe they have adequate defenses for their threat surfaces, and only half of respondents said they have sufficient budgets to meet their security needs. Only one in ten admit they are willing to protect only their most critical assets.

Security teams asked to do more with less

Carlos Morales, senior vice president of solutions at Neustar Security Services, acknowledged in the study that IT teams become overburdened as threats intensify, forcing them to take on new responsibilities and new initiatives – while facing staff shortages.

“With increasing budgetary pressures, IT and security teams are once again being asked to do more with less, which is likely to accelerate the adoption of service-based offerings that allow companies to flexibly scale resources based on demand,” said Morales.

Third-party providers increase the threat surface

Eighty-five percent of respondents said hybrid working has increased their organization's dependency on third-party suppliers for outsourcing staff and resources, and 78% said the development has made their organization more exposed to attacks.

Respondents rated distributed denial-of-service attacks as the top perceived threat (22%), followed by system compromise (20%) and ransomware (18%), with 87% of respondents reporting their organization was a victim of a DDoS attack at some point.

A majority of companies surveyed said they outsource their DDoS mitigation, with most (60%) taking between 60 seconds and five minutes to start mitigation.

In the survey of corporate managers and senior directors, CTOs and other professionals, only 34% of respondents said they believe their current cybersecurity strategy is very adequate, while about 60% consider it somewhat adequate.

Leaders are concerned about increasing complexity of attacks

In addition to doubts about corporate security strategies, 35% of respondents said their organization’s cybersecurity budget would stay the same or decrease in 2023, and 44% of these individuals believe their company will be more exposed and at risk as a result.

When survey participants were asked to identify the top current risks to their organization’s IT security posture:

  • The biggest concern was the increased sophistication of attacks, a sentiment shared by 60% of respondents.
  • Increased attacker activity, cited by 54% of respondents, was the second most common concern.
  • Budget constraints and an expanded attack surface from an increasingly borderless business were each cited as concerns by 35% of respondents.
  • 27% of respondents pointed to resource shortages such as talent, security skills gaps and burnout.
  • 19% of those surveyed cited too many tools and alerts to manage as a risk.

A large majority of respondents agree that C-suite and board-level decision makers understand the current security threats facing their business (83%), recognize the importance of a multi-layered defense strategy (81%), and ensure that protecting the organization is an integral part of business operations (80%). However, a significant proportion of participants (69%) are also concerned that current budget constraints limit the use of new strategies, technologies and implementation practices.

When asked which threat vectors they thought were emerging, ransomware was the most cited (75%), followed by phishing (74%), DDoS attacks (72%), and targeted hacking and social engineering via email (71%).

Resilience includes bringing CISOs to C-Suite

According to a recently released survey-based study by the World Economic Forum, more than half of cyber leaders meet with business leaders on a monthly or more frequent basis to discuss cyber-related topics. The benefits are significant, according to respondents at companies that follow this practice, because it highlights cybersecurity priorities.

The WEF survey found that 36% of respondents who meet at least monthly believe their organization is cyber-resilient. Only 8% of those respondents indicate that their organization is not cyber-resilient or that they are concerned about their organization’s ability to be cyber-resilient.

The WEF study also suggests that direct conversation between CISOs and business decision makers can have a healthy impact on cybersecurity budgets, but a third of surveyed cybersecurity leaders cited leadership support as the most challenging aspect of managing cyber resilience.

Upskilling will be a critical part of reverse engineering attacks and covering zero-day vulnerabilities and more. Consider downloading these tools to become an ethical hacker and reap the benefits.
