The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis.
Nearly 60% of enterprises can't find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study.
The result? Heavier workloads, unfilled positions, and burnout.
And technology isn't easing the burden in many organizations, especially smaller ones. In fact, it's making the problem worse, suggests Cynet's recent CISO survey.
Big Tech Pushes Small Teams to the Limits
Tech stacks normally supercharge cyber security teams, but in the case of crews of five or fewer — it just leads to overwhelm. For example, it took them an average of 18 months to fully implement and feel proficient in endpoint detection and response (EDR) tools — making the technology yet another barrier to cyber security for the 85% of teams adopting it in 2022.
Survey Results: Top Threat Protection Product Pain Points
- Overlapping capabilities of disparate technologies: 44%
- Being able to see the full picture of an attack: 42%
- Deployment and maintenance of disparate technologies on one machine: 41%
- Lack of forensic information: 40%
- Missing reporting capabilities: 25%
Many of the issues smaller teams face with threat protection products are largely attributable to the fact that they're designed for larger organizations with bigger teams and budgets. Deloitte estimates the average security spend per employee across companies of all sizes is $1,300 to $3,000, but the companies surveyed were spending just $250 per employee, on average.
Blind Spots Plague Smaller Cyber Security Teams
In an era when even security platforms get hacked (Okta) and a compromised password can result in ransomware attacks triggering price surges at the gas pump (Colonial Pipeline), you'd think cyber security teams would scrutinize every single alert. Not so. Not among smaller teams.
Despite 58% of smaller companies perceiving their risk of cyber-attack to be higher compared to larger organizations, 34% said they ignore alerts that have already been remediated.
Moreover, 21% indicated that they only look at critical alerts, up from 14% last year. Again, too many capabilities and not enough skilled professionals may be to blame: just 35% said they had a full-time pro chasing all alerts.
The trend is concerning because these alerts could be signaling a larger cyber attack.
CISOs' Game Plan to Close Security Gaps
While CISOs can't train armies of new cyber security pros, they can reduce tech overwhelm. This year, the majority reported plans to consolidate their threat protection technologies; gain greater visibility into their threat landscape; and let automation do more of the heavy lifting for their teams.
Want to learn their solution for killing three birds with one stone?
Unpack key findings from the 2022 Survey of CISOs with Small Cyber Security Teams in this free webinar. In just 30 minutes, you'll discover the top challenges smaller cyber security teams face in 2022 and how their CISOs plan to overcome them.