Close to half of (46%) global IT leaders say they are not fully confident in their ability to respond to data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks, according to a new global survey by Rackspace Technology, out of the 150 respondents in India, fewer than half (46%) of local respondents say they can effectively respond to incidents, mitigate threats (45%), or understand the nature of the threats they are facing (40%) when it comes to organisations’ attack response capabilities.
The survey of 1,420 IT professionals also reveals widespread uncertainty that organizations possess the talent and skills to meet cybersecurity challenges, with the majority of (89%) of respondents saying their organizations lack the necessary skills and expertise to respond to a growing array of threats.
“Though most respondents to our survey say they are ‘prepared’ for cyber-attacks, there is a high degree of anxiety about their ability to effectively confront adversaries who are increasingly sophisticated,” said Jeff DeVerter, Chief Evangelist Rackspace Technology. “Moreover, the expanding use of the cloud, IoT and applications, as well as a tight talent market and an increase in remote work – largely driven by the pandemic – have made the security environment much more challenging. Few organizations actually have the people, processes, and technologies that match a mature cybersecurity model.”
IT Trends Driving Cyber Complexity
The ubiquity of the cloud, DevOps methodologies and the condensing of development cycles, coupled with other IT trends, have made addressing cyberthreats an increasingly complex task. 31% of India’s survey respondents cite the growth in cloud and IoT as key challenges, followed by new threats and attack methods 39% and the growth in data volumes, digital operations, and remote work (42%), which has resulted in increased opportunities for attackers.
Forty-eight percent of India respondents say their ability to manage application security in a more complex environment is influenced by new ways of working, including DevOps and Agile development practices. Other dynamics include faster release/delivery cycles 52%, the growth in microservice application architectures (51%), hybrid/multicloud environments (49%) and container runtime environments (43%).
When asked about the nature and targets of the cyberattacks they are seeing, network/platforms (65%) lead the way, followed by web applications (54%) and network operating systems (48%). More than half (53%) of all attacks are Advanced Persistent Threats (APTs), while 43% involve stolen credentials and 38% result from unauthorized exposure to data.
Talent and Staffing Pain Points
More than half (52%) of India survey respondents say they having difficulty recruiting and retaining cybersecurity talent, with the greatest skills gaps in the areas of cloud security (41%) and network security (38%) which respondents also identified as their most critical roles. Across the businesses, IT leaders cite lack of expertise (89%), lack of resources (91%) and lack of time (63%) was their most pressing cybersecurity and compliance challenges.
Most local respondents manage cybersecurity in-house, with less than a third enlisting external expertise, either through Managed Security Service Providers (MSSPs), Managed Detection and Response Providers (MDRPs) or systems integrators. Cloud, data, integrated risk security network and identity access are most frequently handled by in-house staff while (41%) outsource integrated risk security and 45% task by external partners to assist with network security.
The top strategies to fill any gaps of cybersecurity talent in India include training internal staff (48%), external recruitment agencies (60%) and relying on third-party security experts (49%).
“Organizations struggling with expertise, resources and time are still reticent about enlisting external help,” added DeVerter. “Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch.”
“Given the rise of digital innovation such as remote working and cloud, it has also opened up opportunities for cyber attackers to strike organisations in Asia Pacific including India. India has seen a 3X rise in cyber-attacks in the year 2020 as reported and tracked by the Indian Computer Emergency Response Team (CERT-In). Businesses need to invest in added resources to enhance their understanding of cyber-attacks and employ technology to respond and mitigate threats effectively and efficiently, ” said Sandeep Bhargava, Managing Director of Asia Pacific and Japan (APJ)
“As with many countries, India face the difficulty of recruiting and retaining cybersecurity talent with network security and cloud security being the top skills in demand. A recent report by professional recruitment services firm Michael Page India, highlights a skill-gap of 43% in cybersecurity professionals with shortage of experts in Application Development Security, Cloud Security Risk Management, Threat Intelligence, Data Privacy and Security. This calls for the need for businesses to evaluate how they can enlist third-party security help, so that they can focus on building their competitive advantage as a company. “Bhargava added.
“Organizations struggling with expertise, resources and time are still reticent about enlisting external help,” added DeVerter. “Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch.”
The survey was conducted by Coleman Parkes Research in September 2021. Findings are based on the responses of 1,420 IT decision-makers across manufacturing, retail, hospitality/travel, healthcare/pharma/biomedical, government and financial services sectors in the Americas, Europe, Asia and the Middle East. Most of the companies/organizations polled were founded before the year 2000, have from 101 to 999 employees, and an annual revenue between $50m and $1b. They also have anywhere from two to 15 employees dedicated to cybersecurity and they spend 5% to 15% of their IT budget on cybersecurity.