Splunk: top security issues facing the enterprise in 2022

Cyberattacks keep rising as cybersecurity becomes more complex and critical amidst ongoing digital transformation. A survey finds that around 65% of organizations reported an increase in attempted cyberattacks from mid-January through mid-February 2022.

Supply chain attacks in particular are on the radar of security teams, per Splunk’s State of Security 2022 Report. Given the SolarWinds hacks of 2020 and the Log4Shell/Log4j incident at the end of 2021, this might not seem that surprising.

Moreover, it’s well-known that while digital attack surfaces keep expanding, third-party risks become ever more important, and (software) supply chain attacks will continue to increase. According to Gartner, by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains.

Increasing cyberattacks and data breaches 2022

The previously mentioned increase in attempted cyberattacks and the unprecedented concern about supply chain security (where attacks occur via suppliers such as vendors or other stakeholders) are only two key findings of the survey.

A third major topic covered in the report, made in collaboration with Enterprise Strategy Group, is security talent, which remains scarce and faces increasing challenges; automation and ‘intelligent technologies’ continue to be among the remedies.

The median time to recover from unplanned downtime tied to cybersecurity incidents is 14 hours. Respondents estimated the cost of this downtime averaged about $200,000 per hour.

An overview of some results from the report by data platform company Splunk.

According to the report, for which over 1,200 security leaders were surveyed, almost half of organizations (49% to be precise) suffered a data breach over the past two years. Last year, in 2021, this was the case for 39% of respondents.

Ransomware attacks remain high, with 79% of respondents having encountered them and 35% admitting one or more ransomware attacks led them to lose access to data and systems.

Splunk State of Security 2022 report selected data

The challenges of security teams and cybersecurity talent

Times aren’t easy for cybersecurity teams, and the data breaches and ransomware attacks have exhausted them. Moreover, 64% of participants state that keeping up with new security requirements is challenging. That’s up an impressive 49% compared to only a year ago.

Increasing workloads and the persistence of cybercriminals come on top of the so-called Great Resignation, the additional security challenges of remote and hybrid work models with future-of-work technologies, and the talent shortage, which is an ongoing issue in cybersecurity.

Per the State of Security 2022 Report, a whopping 76% of respondents say their team members have been forced to take on responsibilities they are not ready for, and 70% say the increasing workloads have led them to consider looking for a new role.

Over the past twelve months, it has gotten harder to recruit and retain talent. Many workers have resigned, with burnout often cited as the reason, and talent shortages lead to the failure of projects/initiatives, with 53% of respondents unable to hire enough staff.

73% within the industry have reported colleagues quitting due to burnout. 53% of respondents say they can’t hire enough staff and 58% cite an inability to find talent with the right skills.

Focus on supply chain attacks and risks

As mentioned, supply chain attacks are a major concern for participants. As a result of the high-profile SolarWinds hacks in 2020, the Log4Shell exploit, and others, a whopping ninety percent of organizations increased their focus on third-party assessments, per Ryan Kovar, Distinguished Security Strategist at Splunk.

Kovar: “In my 20 years in IT security, I’ve never seen software supply chain threats given this level of visibility. Unfortunately, this will only increase the already intense pressure security teams face.”

In an article on the State of Security 2022 Report for Forbes, Ryan Kovar states that since SolarWinds, Log4Shell, Kaseya, and others, 97% of organizations have taken action in response, and “61% of CISOs are delivering regular briefings on the subject to the C-suite and the board”. In his view, organizations will need to start using an SBOM, or software bill of materials, when buying software.

In a blog post, Splunk’s Jane Wong points to increasing investments in analytics and automation (enabling teams and experts to focus on core tasks and do more in less time) and the rising adoption of DevSecOps processes, on top of increasing reliance on the SBOM.

Instead of focusing their efforts on preventing attacks before they happen, 59% of security teams say they have to devote significant time and resources for remediation. Close to a third of their time is spent responding to crises rather than preparing for supply chain, ransomware and other advanced attacks. (Jane Wong, Splunk)

The graphic and quotes contain some additional findings from the announcement. Get the full State of Security 2022 Report.