- Only one in 10 organizations are able to process 75% or more of their data relating to a security event, according to Oracle and KPMG's survey of more than 450 security professionals in the public and private sectors.
- CIOs, however, are twice as likely to analyze more than 75% of the data compared to other practitioners, though less than one-fifth of CIOs are able to do so.
- Only 10% of CISOs have a complete understanding of their organization's shared responsibility security model (SRSM) compared to one-quarter of CIOs with no confusion. Confusion over SRSM has introduced malware to 34% of respondents' companies and unauthorized access to data 30%.
Cybersecurity reports tend to paint a pretty abysmal picture for companies. At the very least, they shed light on the impossibility of complete protection.
The inability to properly assess data in the aftermath of a security incident speaks to the inadequacy in available cybersecurity skills. Detecting and reacting to security incidents is a concern for one-third of respondents, but a lack of skills or qualified staff is the second leading cybersecurity challenge, according to the report.
Blaming a cyber incident on negligence is not always an accurate representation of how the event transpired. Attackers' sophistication is growing and the resources they have available, specifically nation-states, will almost always get the better of a company.
Attackers are more heavily relying on what is already available in a company's environment and pursuing trivial means of exploiting a system, like "living off the land."
Public-facing cloud environments offer companies little reprieve when it comes to security. Secure configurations for maitenance of cloud-based workloads is the toughest task for 39% of respondents, according to the report.
The cloud isn't this "euphoric neighborhood" it was once thought of. It demands integrated security throughout a network as opposed to a firewall, standing to keep out singular threats.