Missed a session at the Data Summit? View on demand here.
A recent Immersive Labs analysis of 35,000 cybersecurity team members across 400 large organizations found that it takes an average of more than three months (96 days) to develop the knowledge, skills, and judgment to defend against breaching threats. One particular breaking threat took an average of more than six months (204 days) to master, raising concerns among organizations forced to act quickly.
On the other hand, four of the five fastest-developed skills in 2021 revolved around the Log4j vulnerability. The proliferation of advanced threats is forcing organizations to find ways to upgrade skills faster and more efficiently; unfortunately there is still a big gap. The development of knowledge, skills and judgment was also faster against high-profile threat groups. The top five of interest are UNC2452 (Solarwinds), Iranian threat groups, Fin 7, Hafnium and Darkside.
However, the frequency with which organizations conduct cybersecurity crisis exercises varies significantly across sectors. An analysis of 6,400 crisis response decisions shows that technology companies and financial services companies are the most prepared for cyber attacks, with nine and seven exercises per year, respectively. On the other hand, vital national infrastructure organizations prepare the least, with only one exercise a year.
The report also looked at application security and found that AppSec teams generally develop human cyber capabilities faster than cybersecurity teams. Seventy-eight percent of all application security skills are developed faster than expected turnaround time, as opposed to only 11% of cybersecurity labs. In addition, the average application security lab completed 2.5 minutes below the expected complete time, while the average time to complete cybersecurity labs is 17 minutes longer. This continues to highlight the much-needed strategic alignment between AppSec and security teams to keep organizations safe.
The Immersive Labs Cyber Workforce Benchmark report analyzed cyber knowledge, skills and judgment from more than half a million exercises and simulations conducted by more than 2,100 organizations in the past 18 months. These were broken down to understand the cyber capabilities of the cybersecurity, application security and crisis response team personnel.
Read the full report from Immersive Labs.
VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more
This post Report: Cybersecurity teams need nearly 100 days to develop threat protection
was original published at “https://venturebeat.com/2022/03/11/report-cybersecurity-teams-need-nearly-100-days-to-develop-threat-defenses/”