SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Rackspace highlights top security challenges of today's organisations
Thu, 21st Oct 2021
FYI, this story is more than a year old

Half of global IT leaders say they are not fully confident in their ability to respond to data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks, according to a new global survey by Rackspace Technology.

Moreover, when asked about their attack response capabilities, fewer than half (45%) of respondents say they can effectively respond to incidents, mitigate threats (43%), or understand the nature of the threats they are facing (42%).

The survey of 1,420 IT professionals also highlighted widespread uncertainty that organisations possess the talent and skills to meet cybersecurity challenges, with 86% of respondents saying their organisation lacks the necessary skills and expertise to respond to a growing array of threats.

The ubiquity of the cloud, DevOps methodologies and the condensing of development cycles, coupled with other IT trends, have made addressing cyber threats an increasingly complex task, the researchers state.

Half of survey respondents (49%) cite the growth in cloud and IoT as key challenges, followed by new threats and attack methods (46%) and the growth in data volumes, digital operations, and remote work (45%), which has resulted in increased opportunities for attackers.

In addition, 48% of respondents say their ability to manage application security in a more complex environment is influenced by new ways of working, including DevOps and agile development practices.

Other dynamics include faster release/delivery cycles (46%), the growth in microservice application architectures (46%), hybrid/multicloud environments (46%) and container runtime environments (44%).

When asked about the nature and targets of the cyber attacks they are seeing, network/platforms (58%) lead the way, followed by web applications (52%) and network operating systems (51%).

Half (50%) of all attacks are advanced persistent threats (APTs), while 47% involve stolen credentials and 41% result from unauthorised exposure to data.

When looking to the growing skills gap, the survey found that more than half (52%) of respondents say they are having difficulty recruiting and retaining cybersecurity talent, with the greatest skills shortages in the areas of cloud security (33%) and network security (30%), which respondents also identified as their most critical roles.

Across the business, IT leaders cite lack of expertise (86%), lack of resources (81%), lack of time (70%) and lack of training information (63%) as their most pressing cybersecurity and compliance challenges.

Most respondents manage cybersecurity in-house, with less than a third enlisting external expertise, either through managed security service providers (MSSPs), managed detection and response providers (MDRPs) or systems integrators.

Cloud, data, app, network and identity access are most frequently handled by in-house staff while nearly half (49%) outsource integrated risk security and 43% task by external partners to assist with network security.

Rackspace Technology chief evangelist Jeff DeVerter comments, “Though most respondents to our survey say they are prepared for cyber-attacks, there is a high degree of anxiety about their ability to effectively confront adversaries who are increasingly sophisticated.

"Moreover, the expanding use of the cloud, IoT and applications, as well as a tight talent market and an increase in remote work largely driven by the pandemic have made the security environment much more challenging.

"Few organisations actually have the people, processes, and technologies that match a mature cybersecurity model.

DeVerter continues, “Organisations struggling with expertise, resources and time are still reticent about enlisting external help. Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch.