Beautiful Male Computer Engineer and Scientists Create Neural Network at His Workstation. Office is Full of Displays Showing 3D Representations of Neural Networks.
Business Transformation

Threat Report 2022: What it Takes to Secure Information Across Complex IT Configurations

Technology leaders and practitioners are more beholden now, than ever before, to track and prevent cyberthreats along accelerated software delivery pipelines. According to James Kaplan, Chief Information Security Officer(CISO) at JP Morgan Chase, security complexity  is best managed by two strategies: “You manage scale. You build trust1.” Building trustworthy digital services, processes that enable secure devops at scale and a culture of trust have become the key differentiators for enterprise cybersecurity leaders. Now, as organizations continue to focus on shifting historically siloed development pipelines into a collaborative dev, security, and ops mindset, practitioners have weighed in on their biggest challenges.

In our annual survey of 125 cybersecurity and incident response (IR) professionals, we asked critical questions to reveal priorities of security teams. Many are still reeling from pandemic disruptions as the impact of geopolitical conflict mounts across growing attack surfaces to add impact to their roles, here’s a high-level summary of our learnings:

Cybersecurity Burnout: A Crisis with an Opportunity

People are the frontline defense against cyberattacks and nearly half (47%) of those surveyed reported experiencing burnout or extreme stress with in the past 12 months. Slightly down from last year (51%) this may sound like good news, but the reality states otherwise. Well over half (69%) of those experiencing symptoms of burnout are still considering leaving their jobs as a result (up 4% since 2021). When asked what can be done to help mitigate impending losses of security professionals, the top three remedies included flexible work hours, investments in education, and mental health coaching and support.  As organizations flex and develop capabilities for addressing changing workplace dynamics and increased pressure on security teams, the opportunity for building relationship equity can serve to retain talent as well as smooth devops challenges.

Zero-Day Threats: No Slowdown on the Horizon

The zero-day exploit market is flourishing, global, and ever-present. They range from commodities to customized sophisticated programs.  The cybercrime black market shows no signs of slowing down with record levels of zero-day exploits reported last year and escalated geopolitical conflict fueling the demand and innovation for the foreseeable future.

This puts increased demand on devops and security teams in terms of ongoing operations as well as scaling security practices to adapt to a moving target.  Companies are well-advised to keep apprised of the evolving threat landscape and to update devops practices and toolsets accordingly.  

Lateral Movement: Sailing Blind in a Storm

Today, lateral movement is a well-known technique in cyberattacks to land and expand a network foothold to gain further access to valuable data or systems. It typically begins with surveillance as an attacker works to escalate access and ultimately gain control of the target3. Most security professionals surveyed witnessed instances of lateral movement, across 25% of all attacks. This known tactic has a new twist. What has changed is that east-west traffic is not moving through the network in virtual environments where it’s possible to host up to 150 VMs on a single server.  In virtual environments it is possible to host an entire traditional application environment on a single server so traffic that would typically traverse a network never hits a network tap.  This creates blind spots unless the security model includes instrumenting the virtualization layer. Without the capability to see the traffic running between VMs visibility of lateral movement is impaired leaving security and ops teams to sail blind in a storm.

To learn additional findings on deepfake attacks, compromised APIs, new attack vectors, the state of ransomware, custom malware, and other top-level security concerns, download our Global Incident Response Report

  1. McKinsey and Company. The modern CISO is uniquely positioned to bridge gaps across technology, processes, automation, and cybersecurity. March 2020.
  2. Lawfare Institute. “Hack Global, Buy Local: The Inefficiencies of the Zero-Day Exploit Market.” June 2022.
  3. UK Government. “Preventing Lateral Movement.” 2022.
  4. VMware. “VMware Global Incident Response Threat Report.” June 2022