The stakes are higher than ever for organizations around the world regarding cybersecurity incidents, as mitigating such incidents is becoming more expensive and complex. According to the Fortinet 2024 Cybersecurity Skills Gap Report, a large majority (87%) of those surveyed said they experienced one or more breaches in the past 12 months which may be due to a lack of cyber skills. At the same time, malware attacks, phishing, and web attacks combined accounted for 80% of all attacks in the past year.
The number of resources needed to mitigate an incident is also increasing, with 63% saying it took more than a month to recover from a cyber attack. More than 50% (up from 48% in 2023) indicate that a breach cost their organization more than $1 million in lost revenue, fines, or other costs.
There is rarely a single point of failure where parties can report a breach, but common factors contribute to gaps in risk management efforts, and, cyber incidents. For those tasked with protecting their organization from cybercriminals, it is worth examining these features and understanding how they can effectively mitigate these challenges.
Top causes of cyber incidents
Leaders indicate that the three main causes of violations are:
- IT or security staff lacking the necessary skills and training (58%)
- Lack of organizational or employee security awareness (56%)
- Lack of cybersecurity products (54%)
For those businesses that have been victims of cyber attacks, it is encouraging to see that these incidents are motivating leaders to make changes within their organizations. Such actions include growing IT or their security team (65%), mandating cybersecurity training for IT and security staff (62%), introducing company-wide security awareness training (61%), purchasing new security solutions (59% ), and hiring. security forces (43%).
Many security and IT leaders face similar obstacles when it comes to breach prevention. The good news is that businesses can take many steps to alleviate these common challenges related to staffing, employee awareness, and technology.
Find and develop cybersecurity talent
The ongoing cybersecurity talent shortage continues to negatively impact security and IT teams. According to this year’s report, 70% of respondents agree that a lack of cybersecurity skills is creating new risks for their organizations. More than half say they struggle to identify, hire, and retain talent. Leaders also said they are having trouble finding candidates with specific expertise in network engineering and security, with 51% saying the talent pool in these skills is low.
As these challenges persist, organizations need to adopt new approaches to finding and cultivating security talent. Providing opportunities to train existing security professionals, recruiting talent from underserved communities, and partnering with higher education institutions and nonprofit organizations are all effective ways to reduce the skills gap and fill critical cybersecurity positions.
Organizations may find it easier to identify and hire diverse employees if certain requirements change. 71 percent of respondents said they need a four-year degree instead of considering people with non-traditional backgrounds such as boot camps and professional certifications. If organizations change their core requirements, this pivot—combined with the adoption of apprenticeships or training programs for hire, which 80% of respondents already offer—can help grow the talent pool.
Implement cybersecurity awareness training
Many of the most common types of attacks target individual users, underscoring the importance of all employees having a basic knowledge of cyber security. Empowered with the intelligence needed to detect and stop an attack, employees can be a strong first line of defense against adversaries.
According to Fortinet’s global research brief, 85% of organizations currently have a security awareness and training program in place. About three-quarters of those who don’t indicate they want to use one. Security awareness and training can take many forms, but all should include basic cybersecurity knowledge—phishing, ransomware, social media use, mobile device use, social engineering, and more—and allow the business to customize content to meet its needs. different.
Find the right technical solutions
Security analysts—and your employees—need the right tools and skill sets to combat threats and stay ahead of today’s attacks. It is important to combine skills, knowledge, and certifications with advanced technologies.
With more boards of directors (97%) prioritizing cybersecurity, security and IT leaders are likely to have more access to the resources they need to protect organizational assets. As they explore and implement new technologies, many groups are adopting a platform approach to cyber security. This philosophy offers security and IT staff many benefits, such as reducing reliance on point solutions, reducing overhead, and enabling native automation across multiple products.
Preventing breaches requires a multifaceted approach
As breaches continue to have a significant impact on organizations across industries, leaders must balance hiring skilled professionals, prioritizing company-wide security awareness training efforts, and finding technical solutions.
Better-trained, more experienced, and highly skilled security and IT professionals are critical to preventing cyberattacks, and organizations need to explore more creative strategies for recruiting and retaining talent. For example, businesses should set diverse hiring policies and embrace public-private partnerships designed to give people of all backgrounds and skill levels access to cybersecurity education and training. These professionals also need the right tools to protect the business from credit breaches. Finally, don’t forget about the important role of employees in the fight against cybercrime.
By taking a comprehensive approach to cyber security, security and IT personnel have a better chance of staying one step ahead of adversaries and effectively protecting their organization’s critical assets.
Source link