Wednesday , June 25 2025
Man

A summary of “2024 State of Cybersecurity survey” by ISACA

ISACA 2024 survey report reveals that 66% of cybersecurity professionals find their jobs more stressful now than five years ago.

The annual study, sponsored by Adobe, showcases the feedback of more than 1,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape. According to the data, the top reasons for this increased stress are:

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

An increasingly complex threat landscape (81 percent)
Low budget (45 percent)
Worsening hiring/retention challenges (45 percent)
Insufficiently trained staff (45 percent)
Lack of prioritization of cybersecurity risks (34 percent).
Increasing Cybersecurity Attacks

In line with this sentiment around challenging threats, 38 percent of organizations are experiencing increased cybersecurity attacks, compared to 31 percent a year ago. These top attack types include social engineering (19 percent), malware (13 percent), unpatched system (11 percent) and Denial of Service (11 percent).

On top of that, nearly half (47 percent) expect a cyberattack on their organization in the next year, and only 40 percent have a high degree of confidence in their team’s ability to detect and respond to cyber threats.

“Social engineering attacks, such as phishing, are a growing concern for organizations as human error remains a major factor in data breaches,” said Mike Mellor, VP of Cyber Operations at Adobe. “With the increasing frequency and sophistication of these attacks, it’s essential for organizations to adopt secure authentication methods to strengthen their defenses. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organization.”

Resource Challenges:

Despite an increasingly difficult threat landscape, the survey shows cybersecurity budgets and staffing are not keeping pace. More than half (51 percent) say that cyber budgets are underfunded (up from 47 percent in 2023), and only 37 percent expect budgets will increase in the next year.

Though 57 percent of organizations say their cybersecurity teams are understaffed, hiring has slightly slowed:

38 percent of organizations have no open positions, compared to 35 percent last year,
46 percent of organizations have non-entry level cybersecurity positions open, compared to 50 percent last year.
18 percent have entry-level positions open, compared to 21 percent last year.
Skills and Retention Trends
Employers seeking qualified candidates for open roles are prioritizing prior hands-on experience (73 percent) and credentials held (38 percent). Respondents indicate that the main skills gaps they see in cybersecurity professionals are soft skills (51 percent)—especially communication, critical thinking and problem solving—and cloud computing (42 percent).

For the more than half of survey respondents (55 percent) that reported having difficulties retaining qualified cyber candidates, the main reasons for leaving included being recruitment by other companies (50 percent, down eight points from 2023), poor financial incentives (50 percent), limited promotion and development opportunities (46 percent), and high work stress levels (46 percent).

“Employers should home in on the occupational stress their digital defenders are facing. This is an opportunity for employers to explore ways to support staff before burnout and attrition occur,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “Employees want to feel valued. As the leadership adage goes, take care of your people and they’ll take care of you.”

A complimentary copy of ISACA’s 2024 State of Cybersecurity survey report can be accessed at www.isaca.org/state-of-cybersecurity-2024.

Check Also

AI Vulnerability

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported …

Leave a Reply

Your email address will not be published. Required fields are marked *