InfoSecBulletin Cybersecurity for mankind
A recent study by ISACA shows that almost two-thirds of cybersecurity professionals report increasing job stress. The 2024 State of Cybersecurity Survey report indicates a decline in job openings. It also reveals that 64% of cybersecurity professionals in Australia find their roles more stressful than five years ago, and 57% are unaware of their organization’s cyber insurance status.
An annual Adobe study gathered insights from over 1,800 cybersecurity professionals about the workforce and threat landscape. It found that Australian cybersecurity professionals experience slightly higher stress levels than their global counterparts due to various reasons, including:
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
An increasingly complex threat landscape (85% v. 81% globally);
Low budget (48% v. 45% globally)
Worsening hiring/retention challenges (50% v. 45% globally); and
Lack of prioritisation of cybersecurity risks (35% v. 34% globally)
However, global cybersecurity professionals are feeling the strain of insufficiently trained staff at a higher rate than in Australia, at 45% compared to 37% locally.
Status of Cybersecurity Attacks:
In Australia, 29% of organizations are facing increased cybersecurity attacks, compared to 38% globally. The most common types of attacks are social engineering (19%), third-party breaches (19%), security misconfigurations (14%), sensitive data exposure (13%), and unpatched systems (13%).
Over half of Australians (53%) anticipate a cyberattack on their organization within the next year, surpassing the global average of 47%. Additionally, only 32% feel confident in their team’s ability to detect and respond to cyber threats.
In Australia, 57% of organizations are unaware of their cyber insurance coverage.
Jo Stewart-Rattray, ISACA’s Oceania Ambassador, noted that Australia has fewer reported cybersecurity incidents than the global average, but organizations should remain vigilant.
“Despite a lower number of respondents reporting cyberattacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy and intelligence by cyber professionals,” said Stewart-Rattray. “Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.”
“The gap between the anticipated likelihood of a cyberattack in the coming year and the confidence in handling it is concerning,” she adds. “It highlights the urgent need for ongoing education and training to keep pace with evolving threats. Knowledge, preparedness and teamwork remain integral to preserving digital security.”
Resource Challenges:
The survey indicates that, despite growing cybersecurity threats, budgets and staffing are lacking. Nearly 47% believe budgets are insufficient, and only 33% anticipate an increase in funding over the next year.
Though 51% of organisations say their cybersecurity teams are understaffed, hiring has slightly slowed:
44% of organisations have no open positions;
42% of organisations have non-entry level cybersecurity positions open; and
14% have entry-level positions open
Skills and Retention Trends:
Employers seeking qualified candidates for open roles are prioritising prior hands-on experience (82%) and credentials held (36%).
Respondents indicate that the main skills gap they see in cybersecurity professionals are soft skills (47%), especially in communications, critical thinking and problem-solving, and cloud computing (38%).
In Australia, 63% of survey respondents struggle to retain qualified cyber candidates, compared to 55% globally. The main reasons for candidates leaving are high work stress (60% vs. 46% globally), inadequate financial incentives (57%), and recruitment by other companies (54%).
“Employers should hone in on the occupational stress their digital defenders are facing,” says Jon Brandt, ISACA Director of Professional Practices and Innovation. “This is an opportunity for employers to explore ways to support staff before burnout and attrition occur. Employees want to feel valued. As the leadership adage goes, take care of your people, and they’ll take care of you.”
