July 06, 2022
"2022 Cyberthreat Defense Report" Is Out - Techcess talks you through all the IT insights

Techcess Technology Podcast episode 48: 2022 Cyberthreat Defense Report (See show notes for lower bandwidth version)


The "2022 cyberthreat defence" report is out!

Listen as mark from m3 Networks talks us through it!

 

We love bringing you deep-dive insight into technology and its impact on business.

This episode is no exception, as our own Mark Riddell and the Techcess team talk us through the insights contained in the 2022 Cyberthreat Defense Report.

This is a report that has been produced by the Cyber Edge Group and is sponsored by one of m3 Networks partners, Connect Wise, which is one of the key tools that we use here internally, at m3 Networks.

You can download the report and take a look at it for yourself, here:

https://www.isc2.org/-/media/ISC2/Research/Cyberthreat-Defense-Report/2021/CyberEdge-2021-CDR-Report-v10--ISC2-Edition.ashx

We thought you'd find it's really insightful and felt that we wanted to let you know what's going on around the world when it comes to cyber attacks.

After all, you're a listener to this podcast, so we're confident you'd find it interesting.

The episode contains a lot of stats, but we're confident that Mark's done a great job of simplifying these for you, and helping you cut through the data to get the real TL;dr of what's contained in the report.

(Want to download your free copy of m3's IT services buyer's guide that Mark mentions in the episode?)

You can do that by clicking here: 

https://m3networks.co.uk/buyersguide

 

Click this is you're hard of hearing and want to just download and read the episode as a PDF:

http://traffic.libsyn.com/techcess/Techess_48_cyberthreat_defence_report.pdf

In an area with restricted data? Click this for a smaller sized version of the episode.

If you want to get an idea of the insights Mark talks us through in the episode of "2022 Cyberthreat Defense Report" then here's the headlines for you!

  • There has been no let up in pressure on security teams
  • There's a persistent shortfall of skilled IT security personnel
  • Account takeover attacks are still growing as a threat
  • Ransomware rates continue to climb
  • Security teams accepting 'new normal'

Episode transcript preview

You would have probably already seen the link to the PDF above.

Here's a very quick sneak preview of that transcript of episode 47

"2022 cyberthreats defense report - episode 48 transcript"

"Let's crack on and talk about the top five insights for 2022.

Number 1 – no let up in pressure on security teams

So number one, there has been no let up in pressure on security teams.

Now, while the number of organisations that experienced a successful cyber attack actually dropped a touch from 86.2% in the previous survey last year to 85.3% in this one, the percentage victimised by six or more attacks increased to a new record of 40.7%.

And the number of respondents who think that is somewhat or very likely that the organisation will be successfully attacked in the coming year reached a new record of 76.1%.

So if you don't think that cyber attack is going to happen in your business, the data shows that most businesses are expecting it to happen.

Number 2 – persistent shortfall of skilled IT staff And number two out of the top five insights..."

 

Scroll down to read the full transcript on the bottom of this page or click the link above to get a printable version!

 

Want to get more 'Techcess' in your business?

Book a free chat with Mark!

Get more valuable technology insights from m3's blog pages, here.

Mark Riddell's technology podcast "Techcess" is an m3 Networks production. Mark and the team have created this podcast to help you and their clients understand how technology can help them in their industry and business, including helping them with cyber security solutions. To find out more about Mark Riddell and the rest of the m3 team, visit them here and follow them on Linkedin.

If you want to get in touch about technology or cyber security, just address an email directly at Mark here. He'll be very happy to hear from you.

Thanks for listening! If you enjoy this episode, make sure you follow the podcast via your favourite app.

Fancy giving the Techcess technology podcast a review and rating? Click here - https://www.techcesspodcast.com - and select the menu item 'Reviews' 

In this episode of Techess, we're going to spend a few minutes reviewing the "2022 Cyber Threat Defense Report" (sic).

Now this is a report that has been produced by the Cyber Edge Group and is sponsored by one of our partners, Connect Wise, which is one of the key tools that we use here internally, at m3 Networks. I'm going to give you a little bit of a heads up warning. If you're not someone who likes statistics, you're probably not going to enjoy this report because it is quite stat heavy as you'd expect from any research document. There is going to be a lot of percentages talked about in here. But it's really insightful to let you know what's going on around the world when it comes to cyber attacks. Are things getting better or things getting worse? What are the real things that are causing the problems for businesses? Okay, now just to give you an idea of the demographics of the survey, this was a survey that was carried out with well over one thousand qualified IT security decision makers and 17 countries across 19 different industries were represented in this report. Now, there's far too much in this report to cover in a single episode of Techcess. So what I'm going to do probably over the next few weeks is break down certain areas. So today I just want to cover the highlights and give you the summary. So just think of this as the TLDR version of the report.

 

Let's crack on and talk about the top five insights for 2022.

 

Number 1 – no let up in pressure on security teams

 

So number one, there has been no let up in pressure on security teams. Now, while the number of organisations that experienced a successful cyber attack actually dropped a touch from 86.2% in the previous survey last year to 85.3% in this one, the percentage victimised by six or more attacks increased to a new record of 40.7%. And the number of respondents who think that is somewhat or very likely that the organisation will be successfully attacked in the coming year reached a new record of 76.1%. So if you don't think that cyber attack is going to happen in your business, the data shows that most businesses are expecting it to happen.

 

Number 2 – persistent shortfall of skilled IT staff

 

And number two out of the top five insights is that the biggest security issues for many organisations are persistent shortfall of skilled IT security personnel and low security awareness among employees. Now, here at m3 Networks, we can solve both of those problems and we'll come on to that later on. But these continue to top the list of factors that inhibit organisation from adequately defending themselves against cyber threats because we see a lack of security skills across a wide range of job roles and find that user security awareness to be an area where the survey respondents doubt their organization's capabilities.

 

Number 3 – ATO attacks growing in trend

 

Among cyber threats, ransomware and account takeover attacks are poised to overtake malware as number one concern. Malware is still perceived as the most important threat, but account take over attacks or an ATO and credential abuse attacks moved up from fourth place last year to number two this year and ransomware is only a tad behind. And the report says that we think one or the other will take over the top spot in the next year or two.

 

Number 4 – Ransomware rates increasing

 

Now pressure from ransomware ratchets up once again. So the percentage of organisations victimised by a ransomware attack in the last twelve months rose by two and a half percent to reach a new high of 71%. Ransom demands continued to rise and the percentage of organisations decided to pay the ransom actually jumped from 57% to 62.9%, which is also a record high.

 

Number 5 – the new normal in IT security

 

And the final insight for 2022 is that security teams are getting a handle on the new norm created by Covid-19. So after a scramble to adapt to the disruption caused by the pandemic, they are now well along in deploying and managing technologies and processes to build security into web and mobile applications, making things like working from home more secure and improving the security and economics of networking with cloud based resources.

 

 

That's your top five insights for 2022 from the report. And I want to spend another few minutes just talking about some of the highlights from the search. So this is very high level key takeaways and some good information out there. Some of this information I'll preempt by saying may go over the heads of some people and I know that's not normally how things are pitched here at Techcess, but I do know that there are some people in IT industry and cybersecurity industry that may be listening to this and this might be some good information for them to take away back to their businesses too. So looking at the current security posture then that over six attacks are becoming common.

 

So last year 85% of organisations experience of cyber attack, well, those experiencing over six attacks rose to a new high and we mentioned that was one of the top in facts as well. So experiencing multiple cyber attacks is becoming a lot more common. Now there's no let up seen, so the number of respondents seen a successful attack is likely coming to New Year has reached a new record of 76%. Again, that was one of the top insights. Your SAS apps are well protected, so this is your software as a service product. So online tools and products that use within your business say that respondents have confidence in the security posture of SaaS companies. Companies such as Xero, QuickBooks, your online platforms that you might be using in business. The confidence in these businesses to protect those apps is pretty high.

 

And of course we have to mention the ongoing talent drought. They know 84% of organisations surveyed in this report so that they can't find enough skilled security people. And this is a problem globally in the It and cyber industry there's just a shortage of skilled people. A few other kind of key takeaways from this research showing things like new threats rising. We already mentioned account takeover and ransomware closing in as being the number one cyber threat to our greatest concern. Things like PII, which is personally identifiable information and credentials at risk among web and mobile applications. And PII harvesting and account takeovers are most prevalent and quite concerning. There's bad news on ransomware and that the damage from ransomware continues to grow, which it has done for years and years. We did mention things like the people problems. So again, the two biggest barriers to effective security is that lack of skilled personnel to manage it and also employees at low security awareness.

 

Here's a really good thing to come out of the research. 83.2% of organisations expect to see their IT security budget grow this year. And that's fantastic because of course, ultimately it comes down to spending money, right? That's not getting away from that. That's not hiding behind the fact that this is something that you have to make a conscious decision to invest in, in your business. This is not just something that you do have some spare cash at the bottom of the drawer, this is something you consciously have to budget for in your annual budget and just along with everything else that you budget for within your business. Now, one of the things you mentioned a couple of times here is the talent drought and the lack of skilled security people out there. It's fair to say that most people listen to this episode of Texas are not going to be businesses of a size that are going to hire internal cybersecurity staff. They are more likely to either rely on the IT company to take care of this or they are going to want to work with what we would call an MSSP - a managed security services provider. And MSPs are kind of like MSPs, which you probably have already, you might not call them that, but your IT company is typically an MSP and managed services provider, so they're providing your IT support, maybe your broadband, your Office 365 staff, so maybe some cloud backup solutions and endpoint security product. These are all managed services, but taking it to the next level of the MSSP. This is where the dedicated cybersecurity staff and cybersecurity products come into play. And a lot of businesses are choosing to bring in a third party MSSP to work alongside their existing IT company, which is actually a great solution for businesses because you get to carry on work with the IT company that you know and you like and you've used them for years and years and years and you might never decide that you're going to change and move away from them, but you can bring in that cybersecurity professional company to plug the gaps. Because, fair to say, most IT companies don't really have this covered or not covered to a level where you need it to be. So rather than having to kind of rock the ball and change things dramatically, you can stay with the IT company and bring in a company like us, for example, to plug the gaps and provide the cyber security services and work in partnership with your IT company. And actually having your IT company and your cybersecurity company separately can be a good thing. Some people like that, some people like all under one roof, which we do for a number of businesses as well. But whatever suits the customer base is what we look to work towards. So I hope this has been a good insight. We're halfway through 2022, and I thought it would be a good time to kind of take stock and review where things are globally in terms of the cybersecurity landscape. I do plan to have some more in depth follow ups on specific things that we've mentioned here. Things like security awareness training, which again, is something that we do here at m3, but we can dedicate a whole episode to that and also talk a little bit more about ransomware and the account takeover threats, which are going to be the number one thing soon that we're all going to have to find ways or better ways to handle than what most businesses are doing right now. So I hope that's been informative. That's it for this episode of Techcess. Have a great weekend.

 

 

Techcess is a podcast from m3 Networks

Transcript provided by Podknows Podcasting