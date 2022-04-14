Despite the security challenges faced by them, organisations across the globe struggle to secure adequate investment in their cybersecurity programmes, and are faced with cybersecurity skills shortages, according to Splunk’s annual State of Security Report 2022.

While cyberattacks have been rising, talent has remained scarce.

More than 1,200 security leaders participated in the survey.

Ninety per cent of the respondents in India said their organisations would increase security-based investments significantly in the next 12-24 months, versus 45 per cent of their peers across the globe.

Just 33 per cent of employees In India worked remotely, lower than the average in the rest of the world (49 per cent).

Seventy per cent of respondents in India reported a significant uptick in attempted attacks on these individuals, significantly higher than the global figure (21 per cent). Further, 35 per cent reported challenges in securing tools purchased to assist in the transition to remote work (versus 21 per cent globally).

Non-security analytics in areas such as IT operations, business and risk management analytics with security analytics can improve decision-making, it said

Seventy-seven per cent of respondents reported a significant integration versus 37 per cent across other countries.

“Similarly, Indian organisations are at the leading edge when it comes to adopting security controls with machine learning capabilities,” it said.

Seventy-two per cent of Indian respondents reported extensive adoption versus 28 per cent globally.

Jyoti Prakash, Regional Sales Director, India and SAARC, Splunk said, “As we continue to work in a remote/ hybrid work model, cyberattacks will continue to rise. While enterprises face several challenges, including a significant rise in cyberattacks, business leaders are taking steps to stay ahead.”

“Splunk’s State of Security 2022 report revealed that Indian organisations have made security one of their top business priorities. Indian organisations are serious about protecting their businesses and are aggressively integrating business operations with security analytics to improve on security and overall business decision-making,” said Prakash.

Global trends

According to the report, globally, 65 per cent of respondents said they had seen an increase in attempted cyberattacks.

“In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted,” the report said.

Fifty-nine per cent of security teams said they had to devote significant time and resources to remediation, up from 42 per cent a year ago.

Further, 54 per cent of respondents reported their business-critical applications had suffered from unplanned outages related to cybersecurity incidents on at least a monthly basis, with a median of 12 outages annually.

“The median time to recover from unplanned downtime tied to cybersecurity incidents is 14 hours. Respondents estimated the cost of this downtime averaged about $200,000 per hour,” the report said.

Further, 64 per cent of security professionals found it challenging to keep up with new security requirements, up from 49 per cent a year ago.

“This survey has revealed that organisations are concerned about supply chain attacks, especially after the SolarWinds hacks of 2020 and the Log4Shell incident in late 2021,” said Ryan Kovar, Distinguished Security Strategist, Splunk.

“Ninety per cent of organisations reported that they have increased their focus on third-party risk assessments as a result of the high-profile attacks. In my 20 years in IT security, I’ve never seen software supply chain threats given this level of visibility. Unfortunately, this will only increase the already intense pressure security teams face,” said Kovar.

“As cybercriminals become more persistent and workloads increase, many organisations have been impacted by the Great Resignation and the additional security challenges of remote work. These factors have exacerbated the ongoing talent shortage within the cybersecurity industry,” the report said.

76 per cent of respondents said their team members had been forced to take on responsibilities they were not ready for, while for 70 per cent of respondents, the resulting increase in workload has led them to consider looking for a new role.

85 per cent of respondents said t has gotten harder to recruit and retain talent over the past 12 months.

Further, 53 per cent of respondents said they can’t hire enough staff, while 58 per cent cited an inability to find talent with the right skills.

68 per cent of respondents reported that talent shortages had directly led to the failure of one or more projects/ initiatives. 73 per cent of respondents added that workers have resigned, citing burnout.

Jane Wong, Vice-President of Security Products, Splunk said, “One positive sign is that over two-thirds (67 per cent) of organisations are actively investing in technologies designed for advanced analytics and security operations automation. Automation is critical to help reduce the time it takes to respond to attacks, and these technologies should focus on assisting our human analysts, not replacing them. This can mean fewer tools, not more.”

“For example, a platform approach can make it easier for security teams to take action on complex threats, while the basic stuff is remediated at machine speed. The result should be a lower sense of being overwhelmed — and less analyst burnout, but also reduced dwell time if the organisation has been breached,” added Wong.