Global cybersecurity software and service provider Fortra has disclosed its inaugural 2024 State of Cybersecurity Survey, the study aims to uncover the constraints security professionals have had to grapple with in securing their enterprises over the previous year.

Central revelations include that the most significant security threats companies anticipate in the upcoming six months are phishing (81%), malware and ransomware (76%), and accidental data loss (63%). Additional data also reveals changes in the approach to tackling these risks. The top cybersecurity initiatives of 2024 include limiting outsider threats such as phishing and malware (74%), identifying and sealing security gaps (73%), boosting security culture (66%), and enhancing cloud security (63%).

Elucidating on the initiatives, Principal Cybersecurity Evangelist at Fortra, Antonio Sanchez, commented: “While these may seem like disparate concerns, they can all be traced back to the headlong rush to the cloud. The impacts of this rapid migration – weak policies, poor container security, misconfigurations, and gaping security holes – came home to roost in 2023 and the consequences will still be playing out this year.”

Furthermore, some distinct obstacles hinder the execution of these security strategies. The largest being budget constraints (54%), followed by an incessant shape-shifting nature of threats (45%), and a widespread lack of security skills (45%).

Sanchez deliberated further on cloud security issues: "Now, the top focus is on improving controls and processes around phishing and malware followed by identifying the latest attack vectors for hardening. Security leaders know that improving security awareness has a direct correlation to improving phishing and malware defences, so they have made improving security culture a top initiative as well."

This evidently resonates with many organisations, with 64% of respondents admitting their operations constitute a hybrid environment, whilst 19% have adopted a cloud-first approach, and 12% report being cloud-only. The 6% that disclosed no plans for migration cited security concerns as the primary deterrent.

The survey also delved into skill shortages and the growing role of Managed Security Services. Wade Barisoff, Director of Product, Data Protection, remarked: “These challenges have contributed to the creation of a very transient cybersecurity culture. In particular, the skills gap means everyone has to wear many hats – analysts are required to be experts in multiple security domains as well as cloud – and consequently, no one is an expert.”

Yet, this seems to have spurred a shift towards progressive upskilling, with 67% of organizations acknowledging their focus on improving their staff skills. Also, organisations are leaning on managed security services to alleviate some of the pressure, popular areas to outsource being email security and anti-phishing (58%), vulnerability management (52%), data protection (51%), and compliance (40%).

Josh Davies, Principal Technical Manager, commented, "Burnout is one trend that’s causing skilled people to leave organizations or transition into roles with more targeted responsibilities. This puts additional stress on the remaining staff as they must still deliver the required outcomes with fewer headcount. We are seeing increased adoption in managed security services to relieve a portion of their operational burden."

The 2024 Fortra State of Cybersecurity Survey aggregated the views of over 400 security professionals from 40 different industries across all continents. It's a crucial measure at a critical juncture in organisations’ digital transformation journeys, when leaders are devising security for their new hybrid infrastructure that meets the productivity needs of distributed workforces.