No one knows the challenges of securing an organization like the professionals who carry that responsibility daily. In our inaugural 2024 Fortra State of Cybersecurity Survey, we set out to better understand what they deal with and what they plan to focus on. Here are five key takeaways from the survey.
81% Call Phishing and Smishing Top Security Risk for 2024
Both phishing and smishing (SMS phishing or text message phishing) are common tactics and, unsurprisingly, remain at the top of the list. Human nature hasn’t changed, so these tried-and-true methods continue to work. Phishing targets a high-traffic area of business – our inboxes – and is getting increasingly crafty with the help of AI. We don’t need to repeat how pernicious or convincing today’s deepfake capabilities are, with the capacity to convincingly reproduce human voices, faces, and even email communication styles in nearly every language, and with perfect accuracy. With its ability to produce disinformation, AI continues to cause unease as leaders in security, government, and other industries brace for the year ahead.
Smishing also plays on misplaced trust and is hitting companies where they least expect it: their non-security-savvy employees, whom attackers can reach off hours, leveraging mobile entry points to gain access to corporate resources. Work-from-home habits play into the heightened danger of smishing attacks, with mandatory MFA and security awareness training programs persisting as two vital ways to fight back. Employees should be wary of unsolicited messages and only respond to a company’s link, text, or phone number they’ve verified independently. While they may not be a prime target, the company they are connected to most likely is.
Hybrid Cloud Is the Answer for Digital Transformation
64 percent of respondents rely on hybrid cloud and a lingering on-premises footprint. This is an important trend to note, as many cloud-native solutions fail to properly support on-premises security. Certain industries don’t have the luxury of moving all assets to the cloud, either as soon as they wish or at all, due to industry regulations and integral physical underpinnings. Take critical infrastructure, for example. Legacy architecture like the U.S. electric grid or point-to-multipoint SCADA (Supervisory Control and Data Acquisition) systems was not designed with today’s security hazards in mind, and so is vulnerable when exposed to the public internet, and especially the cloud.
Although the cloud is an undeniable component of digital transformation, nearly 2/3 of respondents say they plan to keep an on-premises footprint. This means hybrid solutions will be in high demand during 2024.
Consolidating Vendors Is a High Priority for Two-Thirds of Respondents
How many is too many? While that’s up to the business to decide, it seems that two-thirds of global respondents have hit their limit when it comes to taking on new vendors. You know the saying: “Too many cooks spoil the soup.”
Our research revealed that two out of three security leaders are consolidating, or making plans to consolidate, security vendors. They believe that doing so will improve the strength of their security posture and reduce operational overhead. Reducing vendors also leads to cost savings in other areas (like security and infrastructure) and causes teams to better use the tools they have to solve existing issues in creative ways.
One rebuttal we’ve heard against vendor consolidation is, “We’re looking for best-of-breed in every area, so we like to shop around.” We feel the same way, which is why at Fortra, we’ve “shopped around” ourselves and done some significant integrating, acquiring, and merging recently (if you haven’t noticed). Their goal is our goal: a suite of best-of-breed solutions integrated under one umbrella. It’s all the speciality and expertise of a niche solution with the reduced overhead, red tape, and SLAs of a single-vendor solution.
Longer Procurement Cycles Ahead
We also noticed a trend towards longer procurement cycles. Market conditions are leading to flat budgets, which leads to more scrutiny when evaluating potential tools. This brings more people into the decision-making process than ever before, including non-security stakeholders such as business unit leaders, and each aspect now needs to be explained and understood from a variety of perspectives and backgrounds. This inevitably leads to longer cycle times.
Third Parties to Take Over Security Operational Burden
Another interesting change that we noted was that over half of respondents are clearly looking to utilize a third party to help manage the operational burden. When asked which areas required additional support, 58% cited email security and anti-phishing, 52% cited vulnerability management, and 51% cited data protection.
These are all high-traffic areas for data, and it comes as no surprise that companies with lean IT teams (or even robust ones) are having a hard time keeping up. AI is powering so much of the traffic we see today: in phishing, in probing for vulnerabilities and doing reconnaissance work, and in proliferating malware and launching attacks. Teams need AI-backed solutions, but often also an extra set of hands and eyes to properly tackle the problem. We think this trend will continue well into the new year and potentially beyond.
View the Full Survey Results
Our 2024 State of Cybersecurity Survey drew insights from hundreds of cybersecurity professionals from over a dozen countries and every continent except Antarctica. These security leaders hailed from companies with fewer than 100 employees to those with over a thousand and included analysts, engineers, directors, C-suite executives, and more.
We think this view from the trenches is a telling indication of what the industry can expect in the coming year, and we encourage you to broaden your view of this year’s insights by reading the expert analysis of the full results.