Cybersecurity Executives Say These are the Most Pressing Challenges They Face

Most cybersecurity teams grapple with similar issues, from defending against the ever-changing threat landscape to finding time for training and upskilling opportunities. I recently had the chance to speak with numerous security executives and industry experts at the Fortinet Security Summit, held in conjunction with the second annual PGA Fortinet Championship in Napa Valley, to discuss some of these challenges, insights, and potential solutions for addressing them.

Challenge #1: The Proliferation of New Threat Vectors

If the first half of 2022 was any indication, security teams are in for an interesting ride as we look ahead. In just the first six months, data from FortiGuard Labs shows that the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period.

Security executives across all industries said they’re witnessing adversaries up their respective attack games. Threat groups that haven’t been active for months or even years are now becoming active again, looking to take advantage of attack surfaces that have nearly expanded overnight thanks to the increase in remote and hybrid work. These adversaries, when successful, are not only holding data for ransom but exfiltrating it and using automation and machine learning to increase the breadth of who and what they’re going after.

Challenge #2: Security Gaps Introduced by Digital Acceleration and Remote Work

As the prevalence of companies adopting Work-From-Anywhere (WFA) policies continues to grow, organizations are now facing more significant security gaps as a result. Executives pointed out that these gaps are exacerbated if companies don’t have the right security technologies to govern these new policies and practices. A lack of trained security staff only amplifies the problem.

But even when remote workers have secure access to critical resources, many organizations struggle to integrate those protections with the rest of their security architecture. Siloed security systems make it impossible for IT teams to create and maintain cohesive visibility across their infrastructure. Bad actors who manage to compromise an endpoint device, especially those operating in poorly secured home environments, are often able to enter the network undetected. In fact, one in five organizations reports experiencing a network breach due to remote workers.

Challenge #3: The Cyber Talent Shortage

With the volume of attempted cyberattacks on the rise—not to mention major changes occurring in how and where employees work—security teams need sufficient resources to address and manage these challenges.

Closing the cybersecurity skills gap isn’t a new concern, but it still presents an ongoing challenge for many organizations. According to (ISC)²’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. The number of professionals required to fill that gap has decreased from 3.12 million to 2.72 million in the past year, yet there’s still a significant void. 

Suzanne Spaulding, former Department of Homeland Security (DHS) Undersecretary for Cyber and Infrastructure and Fortinet Public Sector Advisory Council (PSAC) member, noted during the summit that there is a growing number of cybersecurity-related job vacancies. “CISOs are facing a daily onslaught and doing so with an extreme workforce shortage. One statistic shows that in the government and private sector, there are over 600,000 open cyber security positions in the United States,” said Spaulding.

The cyber talent shortage continues to put organizations at risk and, in many instances, is a contributing factor in breaches. According to the Fortinet 2022 Cybersecurity Skills Gap Global Research report, a staggering 80% of organizations experienced at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills or awareness.

Potential Solutions for Addressing the Most Critical Cybersecurity Challenges

From converging tools into a single platform to implementing ongoing cyber education programs, experts offered numerous ideas to help fellow security leaders enhance their strategies:

• Implement cybersecurity awareness training: Ongoing cyber awareness training for all employees and training that upskills current security professionals are critical efforts that help address the skills gap. Fortinet offers the Security Awareness and Training service, which is a SaaS-based turnkey service for organizations looking to build a cyber-aware workforce. Cybersecurity is everyone’s job, not just that of the security team’s­–all employees are responsible for practicing strong cyber hygiene to keep the organization safe. At the same time, upskilling programs for security professionals are essential in order to keep up with evolving threats and changing attacker tactics.
• Adopt Zero Trust Network Access (ZTNA) solutions: Adopting a Zero Trust approach to security is a critical step in the fight against cybercriminals, starting with the implementation of ZTNA. It extends the principles of Zero Trust Access to verify users and devices before every application session. ZTNA confirms that they meet the organization’s policy to access that application. To be effective, ZTNA must be automatically enabled on any device or service, whether it’s on prem or in the cloud.
• Reduce complexity by consolidating tools: Most organizations have about 43 different technology solutions in their environments. Having different technology and solutions that don’t work well together is challenging for even the best security teams to maintain. To reduce complexity, organizations need to make security management easier and reduce costs, finding solutions that offer a high degree of automation and integration.
• Conduct periodic security assessments to pinpoint gaps: Security teams benefit from periodically pressure testing their playbooks even when they already have the right tools, processes, and people. Activities might include incident response readiness assessments that prepare your organization for incidents and shorten the time to detection, mitigation, and recovery. Conducting tabletop exercises is also helpful in assessing a team’s level of preparedness for a real-world attack scenario.

While cyber threats are never going away, enterprise security teams can take advantage of numerous tools and strategies—along with advice and insights from their peers—that will help improve their ability to defend against even the most sophisticated attacks.

Learn more about Fortinet’s industry-leading Fortinet Security Fabric and why it is the industry’s highest-performing cybersecurity mesh platform.