Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet, tells us why closing risk management strategy gaps, including addressing critical resources like staffing, is vital to protect any organisation effectively.
With nearly four million professionals needed to fill critical cybersecurity roles, organisations around the globe are feeling the impact of the ongoing skills gap. Breaches can rarely be attributed to a single cause, yet 58% of leaders indicate that a lack of IT and cybersecurity skills and training within their organisation contributes to security incidents.
All it takes is a single cyber-incident to open any organisation to new threats and vulnerabilities. For example, following a breach, threat actors now have valuable insights about an enterprise’s environment that they can use to craft a new attack. Others may attempt to capitalise on a previous breach, viewing a recently compromised organisation as low-hanging fruit. While understanding and taking steps to mitigate these risks is crucial, what is often even more concerning, especially to those in C-level positions and on the board of directors, is the potential impact these incidents can have on business operations.
That’s why closing risk management strategy gaps, including addressing critical resources like staffing, is vital to protect any organisation effectively.
The skills shortage increases cyber-risks, leading to new threats and vulnerabilities
Cybercriminals continue to advance their operations, refining well-known attack methods and using Generative AI to speed their efforts. Therefore, it’s not surprising that cybersecurity incidents are rising worldwide. According to Fortinet’s 2024 Cybersecurity Skills Gap Report, almost 90% of businesses experienced one or more security breaches last year, up from 84% in 2024 and 80% in 2021. The dire need for skilled cybersecurity professionals puts businesses at a disadvantage: Nearly three-quarters of leaders agree that the cybersecurity skills gap creates additional risks for their enterprise.
Breaches are equally common across all regions, with the average number of breaches per organisation in Asia Pacific being the highest (3.18) and Latin America being the lowest (2.79). And the percentage of organisations that report suffering no breaches at all continues to shrink: just 13% of businesses had zero breaches in 2023 compared to 15% the year before and 20% in 2021.
As breaches rise, the threat landscape remains familiar
While organisations increasingly fall victim to cybercriminals, the attacks used to compromise networks are familiar to defenders.
Malware, phishing and web attacks combined accounted for 80% of all attacks organisations experienced yearly. Password attacks were more common in North America and leaders in APAC experienced a higher percentage of phishing and web attacks than in other regions.
Cyber-incidents have far-reaching impacts
Cybersecurity incidents have increasingly significant impacts on organisations, ranging from financial to reputational challenges. More than half (53%) of leaders say breaches cost their organisations over US$1 million in 2023, with North America and APAC reporting the most financially damaging attacks. Regarding recovery time, 63% said it took more than one month to bounce back from a cyberattack, with the average time being nearly three months.
In addition to monetary ramifications and lengthy recovery times, corporate leaders are held accountable when breaches occur: 51% of IT and security leaders say that board members or executives have faced fines, jail time, loss of their position and loss of employment following a cyberattack.
A robust cybersecurity programme requires technology, training and awareness
The stakes are high for organisations when it comes to cybersecurity. Breaches continue to take a financial toll and senior leaders are sometimes penalised when they happen. With the growing skills gap creating additional risks for organisations, many businesses are embracing new, creative approaches to recruiting, hiring and retaining skilled professionals. It’s encouraging that leaders pursue unique initiatives and collaborate across the public and private sectors to address this challenge, as this is a crucial piece of the puzzle when it comes to strengthening an organisation’s overall defences.
Given these complexities, organisations should focus on a three-pronged approach to cybersecurity that blends technology, training and awareness. Fortinet offers the most extensive integrated portfolio of over 50 enterprise-grade products through our Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the industry’s broadest training and certification programmes, is dedicated to making cybersecurity certification and new career opportunities available to everyone and offering current professionals the chance to advance their skill sets.
The institute offers a variety of free and low-cost education and certification programmes, as well as unique initiatives to upskill and reskill individuals from diverse backgrounds. The Fortinet Training Institute also has a Security Awareness Training offering designed to help organisations cultivate a more cyber-aware workforce.
Cybercriminals aren’t slowing down anytime soon, making cybersecurity an ‘all hands on deck’ effort for every organisation. Highly skilled professionals with access to the right cybersecurity technologies are essential to protecting businesses from breaches, as is having cyber-aware employees who can serve as a solid first line of defence. By refreshing and strengthening distinct aspects of a risk management strategy, an enterprise will be better positioned to defend against the speed and volume of today’s attacks.