From Bad to Worse: The Escalation of Cyber-Attack Severity and Frequency
According to a new report published by Google Cloud transformation partner Appsbroker CTS, 79% of IT and security leaders feel less secure now than they did a year ago. The report, which surveyed over 150 decision-makers across various sectors, reveals a growing sense of overwhelm among leaders facing the daunting task of securing their businesses against an ever-evolving threat landscape.
The top five threats identified in the report are:
- Malware attacks
- Lack of visibility on security risks
- Identity theft by threat actors
- Misconfigurations
- Vulnerable applications
I. Malware Attacks
Malware attacks, such as ransomware and phishing, have become increasingly common. Phishing, in particular, is responsible for nearly 80% of hacks. To combat phishing attacks, organizations must invest in robust email security gateways and educate their users on recognizing and avoiding phishing attempts. This dual approach can significantly reduce the risk of malware infiltration.
II. Lack of Visibility Around Security Risks
Many organizations struggle with limited visibility into their security risks, exacerbated by communication limitations and the costs associated with managing communication channels. Effective risk management requires comprehensive monitoring and transparent communication, especially when third-party cloud applications are involved. Addressing these limitations can help organizations better understand and mitigate their security risks.
III. Identity Theft by Threat Actors
Identity theft remains a critical concern for organizations. Implementing multi-factor authentication (MFA) as a fundamental access control measure can mitigate this risk. MFA adds an additional layer of security, making it more challenging for threat actors to compromise user identities and gain unauthorized access to sensitive systems and data.
IV. Misconfigurations
Misconfigurations are a pervasive issue, often resulting from human error. Training employees on proper configuration practices is essential to minimize these risks. High-profile examples, such as the CrowdStrike misconfiguration due to coding errors, highlight the importance of rigorous training and oversight in maintaining secure configurations.
V. Vulnerable Applications
Vulnerable applications are a common threat vector, and timely patching and updating are critical to mitigating these risks. Many of the threats identified today were also prevalent in 2016, underscoring the need for ongoing vigilance in application security. Regularly updating software and applying patches can help close security gaps and protect against known vulnerabilities.
Investment and Its Impact
Despite a 97% increase in cybersecurity investment, 55% of leaders feel less secure today. Many lack confidence that their investment will sufficiently reduce overall risk, with 61% believing the attack surface is uncontrollable. While there is excitement about transformative technologies like generative AI (GenAI), 79% of leaders worry about being unprepared for its impact, fearing that cybercriminals will continue to prevail regardless of the investment.
Many businesses struggle with monitoring, testing, and measuring their security posture due to a lack of necessary tools and visibility. Utilizing cloud solutions and GenAI can help businesses improve their security approach by providing advanced analytics and automated threat detection capabilities.
Data protection is crucial, yet many businesses lack the governance and controls to safeguard their data effectively. According to the report, 67% of IT leaders admit to applying security inconsistently because of governance issues, while 71% lack access to and control over data, leaving them vulnerable to security risks. Money is not always invested wisely in services and solutions, and training staff to use the technology effectively remains a significant challenge.
In many organizations, existing solutions are underutilized or misconfigured. For example, firewalls might be in place but not configured correctly, and no one monitors them due to a lack of budget for training. Some organizations continually deploy new solutions without addressing existing risk reduction needs.
To address these challenges, 53% of organizations have implemented some zero trust controls, but barriers such as cost, legacy integrations, complexity, and a lack of resources and skills hinder consistent implementation. A strategic shift is necessary to tip the balance in favor of stronger cybersecurity measures, ensuring that investments are made wisely and that security solutions are effectively utilized and maintained.
Recommendations
Invest in Comprehensive User Education and Training: Educate employees about the latest cyber threats, including phishing, social engineering, and malware. Regularly update training programs to reflect new threats and best practices.
Implement Advanced Email Security Solutions: Utilize email security gateways and anti-phishing technologies. Conduct regular phishing simulation exercises to test and improve user awareness.
Enhance Visibility and Monitoring: Deploy advanced monitoring tools to gain better visibility into network activities and potential threats. Implement continuous security monitoring and incident response capabilities.
Adopt Multi-Factor Authentication (MFA): Enforce MFA across all critical systems and applications to add an extra layer of security. Regularly review and update access control policies.
Conduct Regular Security Audits and Assessments: Perform routine security audits to identify and remediate misconfigurations. Use automated tools to detect and correct configuration errors in real time.