A new study commissioned by Kaspersky has found that IT
security decision makers are boosting their cybersecurity following an alarming
increase in cyberattacks in 2024. This was made evident by the data that
highlighted that more than three quarters (77%) of companies suffered at least
one cyber incident in the last two years. One of the main reasons cited was the
shortage of qualified IT security staff (18%). Among other measures to
strengthen cybersecurity, 41% of respondents claimed that their companies plan
to invest in outsourcing cybersecurity in the next 12 to 18 months.
Kaspersky conducted a study to learn the opinions of IT
Security professionals working for SMEs and corporations worldwide regarding
the impact people have on cybersecurity in a company. The survey gathered
information about various groups of people who influence cybersecurity, looking
at both internal staff, and external actors. It also analyzed levels and types
of online safety company bosses believed warranted investment.
The respondents indicated that a variety of measures would
be necessary to address cybersecurity gaps, and among them, 24% said they would
like to see more external specialists brought in. It also appears company
investment plans are well in line with their expectations. One quarter of
organizations (25%) plan to invest in third-party professional services, and as
many as 23% of respondents are aiming to outsource their cybersecurity to
MSP/MSSP (Managed Service Providers/Managed Security Service Provider). The
most likely industries to invest in third-party services in the near future are
critical infrastructure, energy and oil & gas companies.
At the same time, many organizations plan to invest in
automation of their cybersecurity processes. In the next 12 months, almost half
of businesses globally (45%) have concrete plans to implement software that
automatically manages their cybersecurity, while 20% are discussing the
subject.
"The automation and outsourcing of cybersecurity
tasks are major areas that organizations struggle with due to a lack of experts
and alert fatigue," said Ivan Vassunov, vice president of corporate
products at Kaspersky. "Turning to external experts, - whether it's
outsourcing, to manage the whole cybersecurity system, or adopting expert-level
services to assist the IT Security department - is the optimal solution for
many. Cybersecurity vendors, Managed Service Providers, Managed Security
Service Providers are the companies that have relevant expertise, all the
necessary tools, and can manage cybersecurity effectively for customers of any
size. Additionally, they can provide the customer with various options, such as
Managed Detection and Response, where SOC experts continuously carry out
monitoring, or assistance in case of emergency like investigating a particular
incident."
To manage the shortage of tools or IT Security employees
in-house, Kaspersky recommends:
- Make use of the
expertise offered by managed security providers offerings. For example, Kaspersky
Managed Detection and Response raises the overall protection
level of an organization by monitoring of telemetry coming from the
company's IT network 24/7, and helps with the development of in-house
processes and best practices while following the incident response
guidelines provided by Kaspersky experts. Additionally, the AI assistant
in MDR automatically handles about half of all security alerts to ensure
maximum protection.
- Implementing Kaspersky
Professional Services optimizes the workload of a struggling IT
department. Kaspersky experts assess the state of your current IT
security, then deploy and configure Kaspersky software quickly and
properly to ensure hassle-free ongoing performance. And Kaspersky
Premium Support speeds up and boosts the efficiency of any
Kaspersky-based IT security infrastructure.
- For SMBs that lack the
budget to purchase some cybersecurity products and hire dedicated IT
security professionals, just one IT administrator (even part time or
outsourced) is enough to easily manage Kaspersky
Endpoint Security Cloud through a console with numerous automated
scripts.
- Invest in cybersecurity
trainings so your current IT security specialists' skills are always
up-to-date and equipped to handle anything the cyber threat landscape
throws at your organization. Kaspersky
Cybersecurity for IT Online training helps build up simple yet
effective IT security best practices and simple incident response
scenarios for general IT administrators. And Kaspersky Expert Training equips
your security team with the latest knowledge and skills to manage and
mitigate threats, protecting your organization from even the most
sophisticated attacks.
The full report and more insights on the human impact on
cybersecurity in business are available via the link.