81% of Security Professionals Identify Phishing as the Top Threat in 2024
UNDER EMBARGO until 9am EST/2pm GMT January 18, 2024: MINNEAPOLIS – January 18, 2024 – Global cybersecurity software and services provider Fortra today published the findings from its inaugural 2024 Fortra State of Cybersecurity Survey. The research uncovers the challenges security professionals have faced over the past year, as well as what they plan to focus on next as they continue to embrace digital transformation, new hybrid infrastructure, and tackle a challenging security landscape.
Hybrid Environments Lead to Disparate Challenges and Priorities
The survey found that most organizations anticipate phishing (81%), malware and ransomware (76%), and accidental data loss (63%) will be the top security risks over the next six months, followed by social engineering (55%) and third-party risks (52%).
To address these threats, security professionals’ top five cybersecurity initiatives for this year are: limiting outsider threats (such as phishing and malware) (74%), finding and closing security gaps (73%), improving security culture (66%), securing the cloud (63%), and compliance (62%).
“While these may seem like disparate concerns, they can all be traced back to the headlong rush to the cloud,” explains Antonio Sanchez, Principal Cybersecurity Evangelist. “The impacts of this rapid migration – weak policies, poor container security, misconfigurations, and gaping security holes – came home to roost in 2023 and the consequences will still be playing out this year.”
Sanchez continues: "Now, the top focus is on improving controls and processes around phishing and malware followed by identifying the latest attack vectors for hardening. Security leaders know that improving security awareness has a direct correlation to improving phishing and malware defenses, so they have made improving security culture a top initiative as well. Improving security culture should also free up resources so they can focus on cloud security as organizations continue to adopt cloud-first and cloud-preferred strategies."
In line with this, 64% of respondents in Fortra’s survey reported having a hybrid environment, while 19% were cloud-first, and 12% were cloud-only. The 6% who said they had no plans to move to cloud cited security concerns as the reason to not make the jump (77%).
Skill Shortages and the Increasing Role of Managed Security Services
The research also explored the hurdles hindering the execution of security strategies, with budget limitations (54%), the constantly changing nature of threats (45%), and lack of security skills (45%) topping the list. In addition, the survey revealed that while everyone is seeking to implement principles of zero trust, a quarter said they aren’t planning to due to insufficient resources.
Commenting on execution challenges, Wade Barisoff, Director of Product, Data Protection said: “These challenges have contributed to the creation of a very transient cybersecurity culture. In particular, the skills gap means everyone has to wear many hats – analysts are required to be experts in multiple security domains as well as cloud – and consequently, no one is an expert.”
Many organizations are aware that upskilling needs to occur to strengthen their security position, with 67% saying they are focusing on improving the skills of their staff. Organizations are also leaning into managed security services to offload some of the weight. The most popular areas to offload being: email security and anti-phishing (58%), vulnerability management (52%), data protection (51%), and compliance (40%).
Explaining this shift, Josh Davies, Principal Technical Manager said: "Burnout is one trend that’s causing skilled people to leave organizations or transition into roles with more targeted responsibilities. This puts additional stress on the remaining staff as they must still deliver the required outcomes with fewer headcount. We are seeing increased adoption in managed security services to relieve a portion of their operational burden."