(7 Oct 2024) O’Reilly has released its 2024 State of Security Survey report, revealing a concerning disconnect between rapidly evolving cyber threats and the readiness of security teams to combat them. This comprehensive study, which surveyed over 1,300 tech professionals, sheds light on the current security landscape, identifies emerging threats, and assesses how organizations are adapting their security strategies and workforce development to meet these challenges.
A significant finding from the survey is the critical AI security skills gap, with 33.9% of tech professionals reporting a shortage of AI security skills, particularly regarding emerging vulnerabilities like prompt injection. This highlights the urgent need for specialized training as the adoption of AI technologies continues to accelerate across various industries.
Cloud security expertise also emerged as a pressing concern. Despite two decades of cloud computing, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organizations continue their cloud migration journeys, potentially exposing them to cloud-specific security threats.
Looking forward, the survey indicates that AI-enabled security tools will be the top priority for the coming year, with 34.4% of respondents prioritizing their implementation, followed closely by security automation at 28.2%. This shift signals a robust move toward automating cybersecurity defenses.
Additional key findings from the survey include:
• Phishing Remains the Top Threat: In an era of sophisticated cyberattacks, 55.4% of respondents still cite phishing as their primary security concern, followed by network intrusion at 39.9% and ransomware at 35.1%. This persistence of a “low-tech” threat emphasizes the critical need for comprehensive employee training.
• Security Measures Implemented: A significant majority of tech professionals (88.1%) have adopted multifactor authentication, 60.1% have implemented endpoint security, and 49.2% have adopted a zero trust model.
• Certification Gap: Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is particularly pronounced among incident responders, where 70% are uncertified, compared to 33.3% for Chief Information Security Officers (CISOs). The most required and desired credentials include CISSP and CompTIA Security+.
• Continuous Learning Imperative: An overwhelming 80.7% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually. This emphasis on ongoing training reflects the rapidly changing threat landscape.
• Ongoing Training Needs: Security professionals highlighted the importance of continuous learning, utilizing online courses (88.8%), books (76.6%), and videos (75.2%) to stay updated on best practices and emerging threats.
The survey found that improving security awareness training for all employees (40.1%) is deemed the most crucial step in enhancing an organization’s security posture, surpassing the need for additional staffing and better security tools.