According to Ivanti’s State of Security Preparedness 2023 Report, just 20% of Chief Information Security Officers (CISOs) and other cybersecurity leaders surveyed believe they are sufficiently protected against the negative impact of a data breach today. This is despite 97% of that population of security leaders asserting that their organizations were as prepared or more prepared for a cyberattack than they were one year ago.
A checklist mentality among non-security leaders is a reactive approach that slows progress. Ivanti’s research also found that executives, the leaders of organizations, are 4x more likely to become victims of phishing attacks than other personnel. Whaling is the latest digital epidemic facing companies worldwide.
Greatest Gaps in Security Preparedness
Ivanti’s research team found four primary areas in which the predicted threat levels for the coming year are in the high to critical range. These four areas are:
- Ransomware
- Phishing
- Software Flaws
- Distributed Denial of Service (DDoS) Attacks
Still, across all threat types, the Ivanti team learned that most CISOs feel least prepared to defend against supply chain vulnerabilities, software flaws, and ransomware.
Ivanti referred to supply chain vulnerabilities, ransomware, software vulnerabilities, and API-related vulnerabilities as “inverted” threats, meaning levels of preparedness lag behind the estimated threat levels.
Image source: Ivanti’s State of Security Preparedness 2023 Report.
Prioritizing and Streamlining Patch Management is Key
With targeted ransomware attacks nearly doubling in 2022 and over 21,400 ransomware strains detected, IT and security teams need to prioritize patching. Yet, 71% of leaders of those teams see patching as cumbersome, overly complex, and time-consuming.
Ivanti’s research found that patches generally only become a priority after organizations are attacked. In fact, it seems that 61% of the time, enterprises employ significant patch management only after a security incident. This is when, 58% of the time, successful attacks occurred through known, actively exploited software vulnerabilities.
Tech Stack Complexity and the Skills Gap
It should come as no surprise that tech stack complexity is considered one of the most significant barriers to organizations as they strive to improve security preparedness. 37% of security leaders identified complex tech stacks as a major obstacle to improving cybersecurity.
Another major obstacle, not far behind, is the chronic skills gap: the labor shortage in cybersecurity. According to Ivanti’s report, “This gap reinforces findings by many other studies, including a recent report from ISC2 that found the global cybersecurity workforce gap increased by 26.2% in 2022 compared to 2021, and 3.4 million more workers are needed to protect assets effectively.”
Webcheck Security is one of the few security consulting firms that maintains a roster of highly qualified, battle-hardened virtual Chief Information Security Officers (CISOs), also known as vCISOs or Fractional Information Security Officers (FISOs). Contact us today to schedule a meeting to discuss how you can take advantage of the benefits of a vCISO. Every modern organization lacking security leadership has an urgent need to be filled, and Webcheck Security’s services are designed to help you rapidly meet that need.