The cyber skills gap is driving a significant increase in reliance on external managed service providers, according to the Neustar International Security Council (NISC). Nearly nine-tenths (89 percent) of security professionals participating in the latest NISC survey, conducted in March 2022, said their organisations had somewhat (45 percent) or greatly (44 percent) increased their reliance on external providers due to the ongoing talent shortage.
Survey participants were most likely to be currently seeking to hire individuals with cloud security skills (64 percent), followed by network operations skills (55 percent) and risk management and application development security skills (both 51 percent), while fewer than three in ten respondents (28 percent) said they were actively seeking to hire for DevSecOps skills.
The shortage of cybersecurity skills can hinder organisations’ ability to respond to new security challenges, and 85 percent of survey respondents agreed that accelerating digitalization was creating a more difficult security environment for their organisations. And although the vast majority (92 percent) acknowledged that implementing a digital initiative without fully understanding or addressing potential security challenges is a mistake, more than half (56 percent) said their organisation had rushed to implement a digital initiative anyway.
The survey did reveal one surprise. “Considering that both the enterprise technology environment and the general threat landscape are changing so rapidly, we did not expect such a large majority of respondents — 86 percent — to state that they understood the security risks to their organisation as well as they did two years ago,” said Carlos Morales, senior vice president of solutions at Neustar Security Services. “Whether the past few years have presented as an acceleration of existing trends or a systemic, foundational shift, security and IT organisations feel they have what they need to maintain active awareness of their risk exposure and emerging threats – thanks in part to an increased reliance on the trusted external partners protecting their infrastructure, data and people.”
When asked about their other top concerns during the reporting period of January and February 2022, the surveyed security professionals classified distributed denial-of-service (DDoS) attacks as their greatest concern (ranked highest by 22 percent of respondents), followed by system compromise (20 percent) and ransomware (17 percent). Ransomware, DDoS attacks and generalized phishing were the threats most likely to be perceived as increasing during the reporting period. During this period, organisations focused most on their ability to respond to vendor or customer impersonation, targeted hacking, and ransomware.
Of the enterprises surveyed in March, 84 percent reported having been on the receiving end of a DDoS attack at some point. The majority (56 percent) reported outsourcing their DDoS mitigation, and most (60 percent) said it typically took between 60 seconds and 5 minutes to initiate mitigation, in line with previous reporting periods.