Cybersecurity Professionals Say They Lack Confidence in Stopping Breaches. Here’s What They Say is to Blame and How to Fix It.

 

Cybersecurity professionals are voicing concerns over their ability to actually perform cybersecurity. Exabeam’s recent survey of 500 IT professionals sheds light on just how strained they perceive their workloads, resources, and training to be. According to the report, many cybersecurity specialists feel under-resourced and unable to adequately carry out their duties as proactive cybersafety strategists. This could result in additional data breaches, cyberattacks, and other security incidents that have the potential to significantly harm individuals and businesses.

It’s not crystal clear just who’s to blame here, but it’s obvious that IT professionals need a strategy change and a better approach to leveraging their existing tools or to getting equipped with new ones. The survey showed that cybersecurity professionals seem overly confident (some 97% of respondents) in their abilities to prevent attacks, perhaps reflecting their assessment of self-worth and gumption to get the job done. But when pressed further about realities on the ground, only 62% said they feel confident telling their managers that the network is experiencing zero breaches at any given time, and another 43% said they see themselves as “unable to prevent bad things from happening.”

So why is it that so many professionals continue to report a lack of confidence in their role’s success and a lack of holistic visibility over their networks? How can analyzing the strategic issues constraining cybersecurity professionals today help reveal the right solutions? To answer these questions and dig deeper into the survey, Tyler Farrar, Chief Information Security Officer at Exabeam, shares his thoughts on the report.

Tyler’s Thoughts

“97% of the 500 US Security professional respondents reported feeling confident that they are well-equipped with the tools and the processes they need to prevent and identify intrusions.

But when we analyzed these results further, we found some contradictions in these claims. Our research actually highlighted that the inability to prevent bad things from happening is the worst part of a security job. We had more than a third of our respondents unsure that they could even tell their boards that they had no adversaries inside their network.

Now, the threat landscape is constantly evolving and we’re constantly seeing new threats and attack techniques emerge. I know that attempting to keep up with these changes and stay ahead of attackers is challenging and very overwhelming. That’s even true for some of the most experienced cybersecurity professionals out there.

It is a game of cat and mouse and professionals feel like they’re always playing catch up. This creates a lack of confidence in their ability to protect their organization’s networks. So, here’s a few reasons cybersecurity professionals lack that confidence. The first one’s organizational. Cybersecurity is not always a priority for some organizations; cybersecurity can become siloed within the organization.

There may be limited resources allocated to this space. There could be inadequate training and education. For example, there may be a limited cybersecurity budget for your tools and technologies. Maybe there’s not enough staff at your disposal to properly manage and monitor the organization’s networks. It creates an overwhelming feeling of frustration; it undermines confidence and the ability to protect the organization and to work effectively across the organization.

The second one’s technical. On the technical side, there is a major complexity to modern networks, systems and just the overall evolving threat landscape. Modern networks are extremely complex and they use multiple layers of technology.

So, managing these and securing these networks are very challenging. There’s also an explosive growth and volume of data. And so legacy SIEM solutions and other security tools that aren’t purpose-built for security lead to security professionals having to keep up with all of this new growth and data volume. Trying to manage that and the latest attacks and techniques will create a lack of visibility.

It also will require a much higher level of technical expertise. Cybersecurity professionals who lack that knowledge will feel overwhelmed, and it’s going to require ongoing training and education. So, if you have people that are not equipped to understand these new and rigorous concepts, they might fall behind.

Now, the third one is the human factor, and it’s really around the fear of failure. Cybersecurity professionals are under an immense amount of pressure to prevent cyber-attacks and protect their organizations. That type of pressure is acute and it is particularly high in high-stakes environments. It’s critical to national security. The intense pressure and long hours associated with what’s going on across these varying evolving tactics and techniques of attackers can lead to employee burnout.

Furthermore, it can also lead to indecision when a true security incident occurs. Cybersecurity professionals feel like the consequences of failure are so great that it leads to a lack of confidence in their ability to meet high expectations. So, without having a strong and effective cybersecurity posture, these aspects can have a significant impact on business operations and network security.

It also makes organizations vulnerable to a range of threats, cyber-attacks, data breaches, and security incidents. An organization could or will experience downtime or disruption to their business operations, which is an extremely costly and damaging feat to encounter.

Once a successful breach occurs, it can result in the theft or loss of sensitive data, which leads to reputational damage and legal and financial liabilities. It’s the same thing with a malware infection or some other security incident that results in downtime for business operations. It can and will impact productivity and revenue.

In addition, a lack of resources and tools to monitor networks effectively can result in cybersecurity professionals being unable to identify and respond to threats in a very timely manner. This allows attackers to persist in an organization’s network. It increases the risk of a data breach or data loss and operational disruption.

And overall, both business operations and network security are very closely linked to the effectiveness of an organization’s security posture. Organizations have to address all factors that contribute to the lack of visibility and confidence in cybersecurity to ensure that these networks and the data are protected from this ever-evolving threat landscape.

It’s going to take a coordinated effort and this is between the private sector and various influential cybersecurity professionals, organizations and government agencies. And this can happen in a variety of ways. One of the big ones is the overall improvement of training and education. It is essential to provide all cybersecurity professionals regardless of experience with initial access to education and baseline and ongoing training, etc., to keep up with evolving threats and attack techniques.

And this is both for technical and non-technical training. Technical training focuses on a hands-on approach with different tools and technologies, while non-technical training focuses on educating professionals on how to communicate and collaborate effectively.

The second piece is just increasing the overall collaboration. Cybersecurity professionals have to work more closely with other teams within their organizations. It’s the only way to really develop a holistic approach to cybersecurity while simultaneously ensuring the space is integrated into all organizational operations.

The third one is the further investment in new technology and tools that can help organizations effectively monitor threats across their organization and respond to security incidents. This can include advanced threat detection and response, as well as user behavior and device behavior analytics.

Next, create clear roles and responsibilities both within the organization and outside of it, using more of a macro lens. It’s important to ensure that roles and responsibilities are set across the organization for cybersecurity responsibilities and that each team has the resources and support needed to carry out these roles effectively.

This can include developing an incident response plan, having the authority and autonomy needed to make decisions during a security incident. And finally, cultivate an organization-wide culture of cybersecurity that stresses cooperation, continual education, risk awareness, and continuous development. This will enable cybersecurity professionals to input and impart their expertise and experience to others, and it fosters cybersecurity awareness and best practices throughout the enterprise.”

Article written by Sonia Gossai.
