Cybersecurity teams are overconfident in their ability to deal with threats
A study from Immersive Labs finds that while businesses have high confidence in their overall resilience, teams are insufficiently prepared for threats.
The study, carried out by Forrester, surveyed 316 global cybersecurity training strategy decision-makers in the UK, US, Canada, Germany, and Sweden. It finds that 82 percent agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared.
More than 80 percent don't think, or are unsure, that their teams have the capabilities to respond to future attacks.
"When we asked general questions, they were pretty confident that other teams had it and they're all fine," says Max Vetter, VP of cyber at Immersive Labs. "But when we delved in and actually asked specific questions that dug below the surface they weren't confident at all."
Only 17 percent of respondents consider their cybersecurity team to be fully staffed and nearly half admit they aren't able to measure cyber capabilities, further eroding confidence in their organization's preparedness.
"Traditional training methods aren't very good at actually getting people better at dealing with cyberattacks," adds Vetter. "If you get a certificate for it, because it's multiple choice questions, that doesn't really tell you that you can deal with a ransomware attack that's going through the network. Most executives want return on investment for anything they spend, so how do you prove that money spent on security training is actually worthwhile? And if you can't prove it, then you're not going to be confident that you have other options."
Indeed, 64 percent of respondents agree that traditional cybersecurity training methods (e.g., certifications, video training courses, classroom instruction) are insufficient to ensure cyber resilience. According to cybersecurity training decision-makers, the most effective training approaches are live simulations and online training and upskill platforms, in which over 60 percent of respondents plan to increase their investment.
"Loads of good cyber companies out there are delivering great tech, but it's the people using them that is always the bit that gets stuck," says Vetter. "Technology moves so quickly that it's a constantly changing threat landscape. You always want more money and security, but it's understanding what you can do with it. Before, it was just a subset of the IT team; now it touches every part."
The full study is available from the Immersive site.