This year, security teams face more challenges — old and new — and grapple with high rates of burnout. Cloud complexity, supply chain attacks and additional obstacles are pushing security teams to the limits, and inspiring new responses. New research points to key strategies that will help organizations weather the complex challenges and attacks ahead.
Today, Splunk published The State of Security 2022, research conducted with the Enterprise Strategy Group. The global survey of more than 1,200 security leaders reveals that we’re seeing not only an increase in detected attacks, but also a rise in breaches. Sixty-five percent of organizations report that they’re facing more attacks, and 49% say they suffered a data breach in the past two years (up from 39% a year ago).
Ransomware attacks are up, and more organizations are forced to pay up. Among respondents who fell victim to a successful ransomware attack, 66% paid the ransom, and only 33% restored from backup instead. Notably, among those who have not yet fallen victim, only 42% think that their organization is likely to pay off the attackers, suggesting that a significant percentage are overconfident.
Security teams struggle to keep up with an increasingly complex threat landscape, made worse by the two-year-old COVID-19 pandemic, the steep rise in remote work, and high-impact ransomware and supply chain attacks. Organizations are literally paying the price — $33.6 million is the average annual cost of cybercrime-induced downtime in our survey group.
It’s particularly concerning that security teams today are mired in reactive firefighting. Instead of focusing their efforts on preventing attacks before they happen, 59% of security teams say they have to devote significant time and resources to remediation. Close to a third of their time is spent responding to crises rather than preparing for supply chain, ransomware and other advanced attacks.
The top security challenges that keep teams in this reactive state include overwhelming tool complexity, hiring and retention challenges, and cloud complexity and lack of visibility. With too many tools, too few analysts and not enough time, security teams have experienced their own version of the Great Resignation: Nearly three-quarters report that colleagues have quit due to burnout, and 70% have considered quitting themselves.
Despite these troubling trends, organizations are taking stock of these challenges and adopting advanced technologies to improve resilience. Among the security leaders surveyed, the main responses include:
- Improving collaboration between CISOs and their C-suites and boards, investing in talent and training, and doubling down on key technologies
- Investing in SOAR technologies, which two-thirds of organizations are doing; the rest use the automation and orchestration capabilities in their SIEM solution
- Integrating non-security analytics solutions (for business, ITOps, risk management) with cybersecurity-specific analytics to support decision-making (77% are doing this already)
- Increasing security budgets, which an overwhelming 93% of organizations have done
Some particular measures to highlight here include investing in analytics and automation, which will help security teams detect and respond to more incidents in less time, as well as allow them to shift attention from mind-numbing, easily automated tasks to higher-priority issues. We’re already seeing organizations increase investments in these areas, and we’ll also see security analytics play a bigger role in shaping security strategies and decisions.
Rising adoption of DevSecOps processes is also improving organizations’ security postures, and we expect to see increased reliance on the SBOM, or software bill of materials, which itemizes all the components of an organization’s software to facilitate a quick, thorough response to supply chain issues.
The task of defending our data and infrastructures against attacks never ends, but as strategies shift and organizations put more resources into security, we can hope to apply a few new tricks to stay ahead of our adversaries.
For more on the challenges that security organizations face, and the strategies they’re relying on, read The State of Security 2022.