ISACA Survey Points to Growing Threats and Lack of Automation 

By Kevin Sheu
VP of Product Marketing
October 14, 2024

This month ISACA released the results of its authoritative annual cybersecurity workforce survey, which covers feedback from over 1,800 ISACA-member security professionals on every continent (although nearly half are in the U.S. and a quarter in Europe), the majority at organizations with 1500+ employees. As befits a cybersecurity professionals association, the report emphasizes findings on the lack of security workforce readiness, inadequate budgets, and low staffing levels, all of which underpin the report’s lead statistic on occupational stress, namely that two-thirds of respondents said their jobs are more stressful than five years ago, contributing to burnout and attrition. The report provides food for thought for any IT manager and is required reading for Human Resources departments.

Threat landscape is stressing people out 

But there’s more to be had here. There’s no question that more, and adequately trained, staff are fundamental, but if you look at some of the contextual information found further down in the report, you see evidence that the job such professionals are being asked to do – with the tools they have been given – is increasingly difficult. You can also catch a glimmer of a much-needed change of approach that would improve defenses and remove some of that stress.

This latest survey is more confirmation that an oft-mentioned reality continues to be true – that the nature of threats keeps advancing and organizations frequently find themselves falling further and further behind. Far and away, the top reason given for increased stress isn’t low budgets or lack of training or failure of company leadership to prioritize security – even though these are among the reasons cited – it’s the “threat landscape is increasingly complex,” listed by 81 percent of respondents, nearly double the next-closest response. Couple that with the survey finding that 38 percent of surveyed companies say they experienced increased cybersecurity attacks in the past year, and we can add the growing volume of attacks to the problem of their increased sophistication. 

Figure 1 – The top source of stress is a changing threat landscape, something outside the control of companies and cybersecurity staff.  (Source: ISACA, “State of Cybersecurity: 2024 and Beyond,” 2024) 

Could we please automate 

Between the lines on page 36 of the report you can find evidence of another root cause of the stress on cybersecurity professionals – the complexity of the legacy tools and manual processes that they are supposed to use to cope with an increasing volume of increasingly clever threats, coupled with a lack of new technologies to simplify those defenses and introduce intelligent automation. The survey report concludes that “Use of AI in security operations remains in its infancy,” drawing on the fact that just a little more than one-quarter of the companies surveyed say that they currently use AI in automating threat detection and response. Nearly half of those surveyed said AI is not being applied at their organization for any of the security use cases listed (threat detection, endpoint, ops automation, fraud), or don’t know if it is, or just preferred not to answer, which tells us that a lot of people have yet to get with the program.

More people, sure – better model, definitely 

In the end, you can hire and train more staff, but you’ll continue to be behind the curve if you don’t change the security model into which you are inserting them. This means leveraging modern, massively simplified SASE platforms (like, say, VersaONE) that unify a morass of legacy networking and security functions and build in AI-driven threat detection and AIOps to routinize security processes and remove manual interfaces. 
