Cyberthreat Defense Report 2021: brief summary
CyberEdge Group: 2021 Cyberthreat Defense Report (can download from ISC2 website, link below)


This report may be one of those cyberthreat reports that flies under the radar and is possibly lost within the sea of recent reports, but it's worth a read for the following reasons:

  • It's sponsored by vendors, but not written by them.
  • It's written from a strong sample size (1200) of cybersecurity professionals across 500 organisations and 19 geographies.
  • It's written from a cybersecurity practitioner's lens, so we see it not only from a threats-and-statistics view (well covered by many other cybersecurity reports), but also from the view of how organisations are choosing to deal with cyberthreats and fund mitigations against them.

The report can be downloaded from ISC2's website here: CyberEdge Group Cyberthreat Defense Report (CDR) 2021.

There are quite a few gold nuggets in this report, but I thought I'd share some of the salient points I found interesting (or validating):

  • The biggest jump yet in reports of successful cyberattacks (86% of surveyed respondents).
  • 57% of ransomware victims paid their attacker, but only 72% of those who paid actually recovered their data (although that 72% rate of attackers honouring payment is up from 49% in 2018).
  • Cloud adoption has continued to rise, up 41%.
  • In the CDR 8 years ago, 38% of survey respondents thought they'd be attacked in the coming year. Now it's 76%.

Yet despite this...

  • Growth in cybersecurity budgets has slowed to 4%.

Across the countries, 10 to 15% of IT budget was allocated to cyber.

Common posture issues include: mobile and BYOD being a challenge to secure in a post-pandemic remote-working world, third-party risk management being a challenging IT security function, and IT security departments feeling overwhelmed.

The number 1 barrier to adequately protecting their organisations against cyberthreats according to the respondents was "low security awareness among employees".

Poor integration and interoperability of security technologies, and a lack of skilled personnel, were rated as the next two reasons inhibiting adequate preparedness against cyber risk.

Two of the highest-rated concerns about web attacks (web attacks accounting for 91% of intrusion attempts) were account takeover / credential stuffing attacks and harvesting of Personally Identifiable Information. Those two seem to come as a packaged deal...

Average payments for ransomware in 2020 ranged quarterly from 111k USD to 233k USD.

99% of respondents said a cybersecurity certification would benefit their career.

Attack surface reduction (patch management, pentesting) was considered the second most immature IT security function (only beaten by third-party risk management). Patch management and vulnerability management have been fundamentals for so long; maybe it's time we tackled the reasons why PM and VM are so hard in organisations.

Next Gen Firewalls, DoS/DDoS prevention and deception technologies topped the buying list of network security technologies in 2021.

Endpoint technologies with deception and browser isolation features were most sought after.

API gateways, WAF, bot management and file integrity monitoring topped application security buying lists in 2021.

More than 9 in 10 organisations are benefiting from recognising security in the DevOps stream, or DevSecOps.

The convergence on Zero Trust Architecture is in full flight, with SD-WAN, zero trust and SASE technologies being adopted.

There are so many more interesting things in this report; it's worth a download and a read IMHO.

#cybersecurity #cyberfunding

Sinisa Milenkovic

Cyber Security Professional

3 yr

Thanks, Nigel!
