Phishing the top security threat

The 2024 Fortra State of Cybersecurity Survey uncovers the key security challenges and opportunities for organizations this year.

  • Thursday, 18th January 2024 Posted 11 months ago in by Phil Alsop

81% of Security Professionals Identify Phishing as the Top Threat in 2024

UNDER EMBARGO until 9am EST/2pm GMT January 18, 2024: MINNEAPOLIS – January 18, 2024 – Global cybersecurity software and services provider Fortra today published the findings from its inaugural 2024 Fortra State of Cybersecurity Survey. The research uncovers the challenges security professionals have faced over the past year, as well as what they plan to focus on next as they continue to embrace digital transformation, new hybrid infrastructure, and tackle a challenging security landscape.

Hybrid Environments Lead to Disparate Challenges and Priorities

The survey found that most organizations anticipate phishing (81%), malware and ransomware (76%), and accidental data loss (63%) will be the top security risks over the next six months, followed by social engineering (55%) and third-party risks (52%).

To address these threats, security professionals’ top five cybersecurity initiatives for this year are: limiting outsider threats (such as phishing and malware) (74%), finding and closing security gaps (73%), improving security culture (66%), securing the cloud (63%), and compliance (62%).

“While these may seem like disparate concerns, they can all be traced back to the headlong rush to the cloud,” explains Antonio Sanchez, Principal Cybersecurity Evangelist. “The impacts of this rapid migration – weak policies, poor container security, misconfigurations, and gaping security holes – came home to roost in 2023 and the consequences will still be playing out this year.”

Sanchez continues: "Now, the top focus is on improving controls and processes around phishing and malware followed by identifying the latest attack vectors for hardening. Security leaders know that improving security awareness has a direct correlation to improving phishing and malware defenses, so they have made improving security culture a top initiative as well. Improving security culture should also free up resources so they can focus on cloud security as organizations continue to adopt cloud-first and cloud-preferred strategies."

In line with this, 64% of respondents in Fortra’s survey reported having a hybrid environment, while 19% were cloud-first, and 12% were cloud-only. The 6% who said they had no plans to move to cloud cited security concerns as the reason to not make the jump (77%).

Skill Shortages and the Increasing Role of Managed Security Services

The research also explored the hurdles hindering the execution of security strategies, with budget limitations (54%), the constantly changing nature of threats (45%), and lack of security skills (45%) topping the list. In addition, the survey revealed that while everyone is seeking to implement principles of zero trust, a quarter said they aren’t planning to due to insufficient resources.

Commenting on execution challenges, Wade Barisoff, Director of Product, Data Protection said: “These challenges have contributed to the creation of a very transient cybersecurity culture. In particular, the skills gap means everyone has to wear many hats – analysts are required to be experts in multiple security domains as well as cloud – and consequently, no one is an expert.”

Many organizations are aware that upskilling needs to occur to strengthen their security position, with 67% saying they are focusing on improving the skills of their staff. Organizations are also leaning into managed security services to offload some of the weight. The most popular areas to offload being: email security and anti-phishing (58%), vulnerability management (52%), data protection (51%), and compliance (40%).

Explaining this shift, Josh Davies, Principal Technical Manager said: "Burnout is one trend that’s causing skilled people to leave organizations or transition into roles with more targeted responsibilities. This puts additional stress on the remaining staff as they must still deliver the required outcomes with fewer headcount. We are seeing increased adoption in managed security services to relieve a portion of their operational burden."  

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 1 week ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 1 week ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.