- 75% of respondents say they have more work stress than they did just two years ago.
- 57% of respondents stated their security program lacked proper executive support.
- 93% say they lack the tools they need to detect known security threats.
- 42% say lack of executive accountability is the number one reason they would leave their jobs.
When security professionals were asked what caused the most work-related stress, the two most selected answers were not having enough time (41%) and working with executives (18%). When asked what additional support they needed for their security programs, 58% of respondents said they still need increased funding for tools.
The results of this study are troubling because there’s already a shortage of security professionals in the industry, and increased stress only points to the likelihood of more professionals departing from the profession. A separate recent study indicated the demand for cyber security professionals is double the current supply. This shortage is a good reason to try and help the current profession and reduce the stress felt by these same security professionals.
When asked what would help alleviate their stress, the top five responses included:
- 44%: Increased security budget
- 42%: Experienced security team members
- 42%: Better cooperation from other IT teams
- 41%: Supportive executive team
- 39%: Fully staffed security team
If you’re a cyber security executive, this short list is one you should be thinking about as you consider your management style and culture in your organization. While the budget may not increase by much (we all know how that battle goes), as an executive you can be more supportive and foster better communication and interaction among your team members.
K2 Cyber Security can also help cyber security teams by providing security alerts with the least false positives using deterministic security that detects new zero day threats. K2 also helps address the lack of time available to security staff by providing alerts based on severity and includes actionable alerts that provide complete visibility to the attacks and the vulnerabilities that the attacks are targeting including the location of the vulnerability within the application, providing details like file name and line of code where the vulnerability exists to help reduce the time to remediation.
K2 Cyber Security Platform offers two use cases, for additional visibility during pre-production (development) penetration testing, while the other is runtime protection for applications in production. In the second use case, K2 offers an ideal runtime protection security solution that detects true zero-day attacks, while at the same time generates the least false positives and alerts. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has minimal false alerts.
Get more out of your application security testing and change how you protect your applications, and check out K2’s application workload security solution.