InfoSecBulletin Cybersecurity for mankind
A recent study by ISACA shows that almost two-thirds of cybersecurity professionals report increasing job stress. The 2024 State of Cybersecurity Survey report indicates a decline in job openings. It also reveals that 64% of cybersecurity professionals in Australia find their roles more stressful than five years ago, and 57% are unaware of their organization’s cyber insurance status.
An annual Adobe study gathered insights from over 1,800 cybersecurity professionals about the workforce and threat landscape. It found that Australian cybersecurity professionals experience slightly higher stress levels than their global counterparts due to various reasons, including:
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
CISA, FBI Warns
Hacker compromised multiple teleco network at US
An increasingly complex threat landscape (85% v. 81% globally);
Low budget (48% v. 45% globally)
Worsening hiring/retention challenges (50% v. 45% globally); and
Lack of prioritisation of cybersecurity risks (35% v. 34% globally)
However, global cybersecurity professionals are feeling the strain of insufficiently trained staff at a higher rate than in Australia, at 45% compared to 37% locally.
Status of Cybersecurity Attacks:
In Australia, 29% of organizations are facing increased cybersecurity attacks, compared to 38% globally. The most common types of attacks are social engineering (19%), third-party breaches (19%), security misconfigurations (14%), sensitive data exposure (13%), and unpatched systems (13%).
Over half of Australians (53%) anticipate a cyberattack on their organization within the next year, surpassing the global average of 47%. Additionally, only 32% feel confident in their team’s ability to detect and respond to cyber threats.
In Australia, 57% of organizations are unaware of their cyber insurance coverage.
Jo Stewart-Rattray, ISACA’s Oceania Ambassador, noted that Australia has fewer reported cybersecurity incidents than the global average, but organizations should remain vigilant.
“Despite a lower number of respondents reporting cyberattacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy and intelligence by cyber professionals,” said Stewart-Rattray. “Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.”
“The gap between the anticipated likelihood of a cyberattack in the coming year and the confidence in handling it is concerning,” she adds. “It highlights the urgent need for ongoing education and training to keep pace with evolving threats. Knowledge, preparedness and teamwork remain integral to preserving digital security.”
Resource Challenges:
The survey indicates that, despite growing cybersecurity threats, budgets and staffing are lacking. Nearly 47% believe budgets are insufficient, and only 33% anticipate an increase in funding over the next year.
Though 51% of organisations say their cybersecurity teams are understaffed, hiring has slightly slowed:
44% of organisations have no open positions;
42% of organisations have non-entry level cybersecurity positions open; and
14% have entry-level positions open
Skills and Retention Trends:
Employers seeking qualified candidates for open roles are prioritising prior hands-on experience (82%) and credentials held (36%).
Respondents indicate that the main skills gap they see in cybersecurity professionals are soft skills (47%), especially in communications, critical thinking and problem-solving, and cloud computing (38%).
In Australia, 63% of survey respondents struggle to retain qualified cyber candidates, compared to 55% globally. The main reasons for candidates leaving are high work stress (60% vs. 46% globally), inadequate financial incentives (57%), and recruitment by other companies (54%).
“Employers should hone in on the occupational stress their digital defenders are facing,” says Jon Brandt, ISACA Director of Professional Practices and Innovation. “This is an opportunity for employers to explore ways to support staff before burnout and attrition occur. Employees want to feel valued. As the leadership adage goes, take care of your people, and they’ll take care of you.”
