Share this article on:
A new Rackspace Technology survey has found that half of IT leaders worldwide are not “fully confident” in their ability to respond to data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks.
The survey of 1,420 IT professionals also reveals widespread uncertainty that organisations possess the talent and skills to meet cyber security challenges, with 86 per cent of respondents saying their organisations lack the necessary skills and expertise to respond to a growing array of threats.
When asked about their attack response capabilities, fewer than half (45 per cent) of respondents say they can effectively respond to incidents, mitigate threats (43 per cent), or understand the nature of the threats they are facing (42 per cent).
While most survey respondents say they are "prepared" for cyber attacks, there is a high degree of anxiety about their ability to effectively confront adversaries who are increasingly sophisticated, according to Jeff DeVerter, chief evangelist at Rackspace Technology.
“Moreover, the expanding use of the cloud, IoT and applications, as well as a tight talent market and an increase in remote work – largely driven by the pandemic – have made the security environment much more challenging."
"Few organisations actually have the people, processes and technologies that match a mature cyber security model,” DeVerter said.
The ubiquity of the cloud, DevOps methodologies and the condensing of development cycles, coupled with other IT trends, have made addressing cyber threats an increasingly complex task. Half of survey respondents (49 per cent) cite the growth in cloud and IoT as key challenges, followed by new threats and attack methods (46 per cent) and the growth in data volumes, digital operations and remote work (45 per cent), which has resulted in increased opportunities for attackers.
Forty-eight percent of respondents say their ability to manage application security in a more complex environment is influenced by new ways of working, including DevOps and agile development practices. Other dynamics include faster release or delivery cycles (46 per cent), the growth in microservice application architectures (46 per cent), hybrid or multi-cloud environments (46 per cent) and container runtime environments (44 per cent).
When asked about the nature and targets of the cyber attacks they are seeing, network or platforms (58 per cent) lead the way, followed by web applications (52 per cent) and network operating systems (51 per cent). Half (50 per cent) of all attacks are advanced persistent threats, while 47 per cent involve stolen credentials and 41 per cent result from unauthorised exposure to data.
“Organisations struggling with expertise, resources and time are still reticent about enlisting external help,” DeVerter added.
More than half (52 per cent) of survey respondents say they are having difficulty recruiting and retaining cyber security talent, with the greatest skills gaps in the areas of cloud security (33 per cent) and network security (30 per cent), which respondents also identified as their most critical roles. Across businesses, IT leaders cite lack of expertise (86 per cent), lack of resources (81 per cent), lack of time (70 per cent) and lack of training information (63 per cent) as their most pressing cyber security and compliance challenges.
Most respondents manage cyber security in-house, with less than a third enlisting external expertise, either through managed security service providers, managed detection and response providers or systems integrators. Cloud, data, app, network and identity access are most frequently handled by in-house staff while nearly half (49 per cent) outsource integrated risk security and 43 per cent are tasked to external partners to assist with network security.
“Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch,” DeVerter concluded.
[Related: Hop onboard the AI train]