Cybercriminals and technology companies are shifting to an as-a-service model, but the adversaries are moving faster, according to recent research from Sophos, conducted by Vanson Bourne. Indeed, 94% of organizations experienced some type of cyberattack in the last year.
The State of Cybersecurity 2023: The Business Impact of Adversaries report finds that cybercrime as a service, automation, stealthy impersonation, and adaptability are accelerating adversaries. It identifies “active adversaries” as threat actors who adapt their techniques, tactics, and procedures (TTPs) on the fly. Twenty-three percent of respondents report that their organization experienced an attack involving an active adversary last year, and 30% say it’s one of their top cybersecurity concerns for 2023.
At the same time, a shortage of skilled help, the volume of alerts, and the time spent on incident response are slowing defenders.
At issue is the difficulty of threat detection and response, with 93% of respondents acknowledging the challenge of executing essential security operations tasks. Moreover, just under half (48%) of all alerts are investigated, and most organizations struggle to identify (71%) and prioritize (71%) which alerts/events to investigate.
Dealing with cyberthreats has negatively impacted the ability to work on other projects, according to 55% of respondents, and 64% wish the IT team could spend more time on strategic issues and less time firefighting.
The report also finds that defenders lack confidence in their processes, with security tool misconfiguration identified as the top perceived security risk in 2023. Further, over half (52%) of IT professionals say that cyberthreats are now too advanced for their organization to deal with on their own, rising to 64% among small businesses.
Respondents say their organizations have a blended approach to cybersecurity delivery, with 94% of companies already working with external specialists in some capacity.
Finally, channel pros should note: Most organizations (78%) plan to add endpoint detection and response (EDR) and/or extended detection and response (XDR) tools to their security stack within the next 12 months, with 44% planning for managed detection and response (MDR) solutions.