What’s the best way to fend off advanced cyberattacks? What keeps information security professionals awake at night? How do they rate their knowledge of cybersecurity issues? These questions and more are answered by Bitdefender’s 2019 Hacked Off! report.
Bitdefender is a trusted provider of award-winning cybersecurity technology. Last year, Bitdefender released their Hacked Off! report, which explores the attitudes of cybersecurity professionals towards pressure points, weak spots, stress factors, and strategies. The result is an illuminating glimpse at how organizations can best support their cybersecurity teams.
Here are some of the biggest trends and takeaways from the 2019 report.
1. Breaches are getting harder to detect
One of the most surprising findings in the Bitdefender report is that detecting cyberattacks may be getting harder than it was in the past. Thirty-six percent of cybersecurity professionals think their companies are facing cyberattacks without realizing it.
This data casts a new light on information that had previously shown a decrease in the number of organizations victimized by cyberattacks last year. In other words, the lower number of attacks could be attributed to a failure to realize an attack was even taking place, not because the rate of attacks is decreasing.
This information is concerning and means it’s more important than ever to make sure information security staff have the training they need to quickly and accurately identify breaches.
2. Training is the key to defending against advanced attacks
Organizations that emphasize training are best at quickly detecting and isolating cyberattacks, according to Bitdefender. This is backed up by data from the 2019 Hacked Off! report, which shows that:
- 38% of cybersecurity professionals agree that adequate training is the key to defending the company against advanced attacks
- 72% of respondents said that a lack of knowledge is the biggest obstacle standing in the way of rapid incident detection and response
- 19% of information security professionals rate their cybersecurity skills as “excellent”
When it comes to keeping your networks and devices secure, the value of training can’t be underscored enough. Fortunately, the information security field is ripe with opportunities for continuing education: certifications, conferences, professional associations and workshops offer professionals a chance to sharpen their skills and catch up on new technology.
3. General employees lack cybersecurity knowledge
What stressed out information security professionals most at work? According to Bitdefender’s report, 36% of cybersecurity staff indicated that they are stressed out by general employees who lack cybersecurity knowledge.
Safeguarding your organization from cyberattacks is a team effort. Just like the phrase “a chain is only as strong as its weakest link,” your organization is only as secure as its most vulnerable staff member. In fact, up to 20% of breaches are caused by employee negligence, according to the report.
This isn’t just limited to general employees. An additional 30% of information security staff noted that they’re stressed out by senior management not having a grasp of cybersecurity. These statistics highlight the importance of information security training across the entire organization — not just security and IT teams.
4. Training and support alleviate staff pressure
While a little bit of stress is expected for cybersecurity work, be aware that there are factors that put an undue level of stress on information security professionals. Figuring out ways to make their day-to-day lives a little easier is more important than ever in terms of retention.
Bitdefender reported that just over half (53%) of information security professionals have thought about leaving their jobs due to their team being under-resourced. This goes for both financial resources as well as staff resources.
While the constraints caused by limited financial resources are self-explanatory, the lack of staff resources requires a bit of context — namely, the cybersecurity skills gap. Lots of organizations are struggling to fill empty seats, which can put extra pressure on existing employees to cover gaps in the security team.
The report suggests that organizations can alleviate some of this pressure by prioritizing training and support for their existing staff members. To put this into perspective, the report’s participants indicated whether their own cybersecurity knowledge was excellent (19%), very good (33%) or just good (29%). While these numbers are good overall, Bitdefender suggests that additional investment in cybersecurity training will boost these numbers and reduce talent pressure.
5. Small organizations face the greatest challenges
Smaller companies face bigger cybersecurity challenges than their larger counterparts. This comes down to two key reasons — fewer resources in terms of staff, budget and technology; and limited access to the cybersecurity skills and knowledge they need to succeed.
Bitdefender found that only 70% of organizations have a Security Operations Center (SOC). SOCs are important because they’re dedicated to providing 24/7 proactive monitoring and threat hunting. Companies that don’t have their own SOC face greater threats and obstacles because they’re less equipped to:
- Rapidly respond to potential threats
- Quickly investigate suspicious activity
- Keep up with monitoring activities and alerts
However, the high cost of maintaining a SOC means they’re not always feasible for small businesses. So, what can smaller companies do to close this gap? Bitdefender suggests automated security solutions, which can supplement smaller staff with tools and resources.
Trends and takeaways
Bitdefender’s 2019 Hacked Off! report shines an important spotlight on the attitudes information security professionals have towards their job. One of the biggest takeaways is that training and knowledge are more important than ever.
Not only does investing in staff training help your organization stay ahead of cyber-threats, but it also reduces staff pressure. Although the skills gap the information security industry is facing doesn’t appear to be going away anytime soon, providing your existing staff with the training resources they need will go a long way towards bridging the gap.
- Hacked Off!, Bitdefender