The IT Security Team: 2021 and Beyond showed how increased security challenges during the pandemic offered IT teams a unique opportunity to build their cybersecurity expertise.
IT security skills in the following sectors such as education (83%), retail (85%), and healthcare (80%) were affected.
The survey polled 5,400 IT decision makers in mid-sized organisations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.
“IT professionals played a vital role in helping organisations to keep going despite the restrictions and limitations necessitated by COVID-19,” explains Sophos principal research scientist Chester Wisniewski.
“They enabled education institutions to move learning online, retailers to switch to online transactions, healthcare organisations to deliver digital services and care under, and ensured public entities could continue to provide essential services.”
Wisniewski says the transition to online was conducted at a fast pace with limited equipment and resources available while considering the rising tide of cyberattacks against network, endpoints, and employees.
He points out that in many cases, the pandemic was able to mold more motivated IT teams, ready to embrace an ambitious future, despite the situation.
Wisniewski outlines the possibilities: “Planning ahead post-pandemic, we have an excellent opportunity to implement new IT and security policies, adopt more secure modern tools to manage employees and operations beyond the IT perimeter, build expert teams that blend in-house and out-sourced talent, and introduce security platforms that combine intelligent automation with human threat hunting expertise.”
The main findings of The IT Security Team: 2021 and Beyond survey for the APJ region include:
Demands on IT teams increased as technology became the key enabler for dispersed and digital organisations. Overall IT workload (excluding security) increased for 62% of IT teams, while 66% experienced an increase in cybersecurity workload.
Adversaries were quick to take advantage of the opportunities presented by the pandemic: 60% of IT teams overall reported an increase in the number of cyberattacks targeting their organisation and 65% said the attacks were too advanced for the organisation’s IT team to deal with on their own. Globally, the challenge was most acute in the business and professional services sector (63%).
The increased security workload and a rise in the number of cyberattacks enabled IT teams to build their cybersecurity skills and knowledge. 72% of IT teams were able to develop cybersecurity skills and knowledge. The high percentage may be attributed to informal on-the-job learning acquired as teams tackled advanced threats and attacks, as well as new technology and security demands, often under intense pressure and remote from their normal place of work. Globally, retail was the sector most able to increase cybersecurity skills and knowledge (77%), followed by education (75%).
Facing challenges together boosted team morale. More than half (59%) of the IT teams surveyed said team morale rose in 2020. Morale appeared to increase in line with heavier workload and more intense attacks.
Globally, ransomware victims were considerably more likely to have experienced an increase in team morale than those that weren’t hit (60% versus 47%.)
The findings suggest that a shared purpose, a sense of value and facing adversity together helped to bond and lift the spirits of IT teams.
The experiences of 2020 have fuelled ambitions for bigger IT teams and using advanced tools such as artificial intelligence (AI) in future technology strategies. Many organisations appear to have entered 2021 with plans to increase the size of both in-house and outsourced IT teams, and to embrace the potential of advanced tools and technologies. The survey found that 63% of IT teams in APJ anticipate an increase in in-house IT security staff by 2023, and 55% expect the number of outsourced IT security staff to grow over the same time frame.
An overwhelming majority (86%) expect AI to help deal with the growing number and/or complexity of threats. This could be due in part to the fact that 65% of APJ IT teams believe that cyberattacks are now too advanced for the in-house team to tackle on their own.