Even with the shifting threat landscape, organizations view malware, phishing, and data breaches as their biggest threats.
Almost a third of respondents in Fastly's "Fight Fire with Fire" survey said they consider data breaches and data loss as the biggest cybersecurity threat to their organizations over the next 12 months. Malware (29%) and phishing (26%) round out the top three. What's notable is the change in focus from 2021, when 31% of respondents named malware as their biggest threat, followed by distributed denial-of-service attacks (26%) and attacks targeting known vulnerabilities (25%).
While attacks exploiting vulnerabilities or misconfigured services were perceived as the biggest threats in 2021, malware, phishing, and ransomware appeared to be bigger issues in 2022. Fastly noted the fact that the "ENISA Threat Landscape 2022" report also identified ransomware as the top threat businesses were concerned about, while malware was the second most commonly identified threat.
Fastly's data showed that just 14% were concerned about DDoS attacks in 2022 — which is a surprisingly steep decline, especially considering the stratospheric increase in DDoS attacks in 2022. There were 60% more DDoS attacks in the first six months of 2022 than in all of 2021, according to the report. One reason for the disconnect may be because content delivery networks (CDNs) are able to absorb the vast majority of DDoS attacks, freeing up IT to focus on other areas, stated Sean Leach, Fastly's chief product architect, in the report.
While attacks against remote workers did not show up on the list of threats organizations are worried about, Fastly's data suggests that organizations are still very concerned about their ability to protect remote workers. Nearly half, or 46%, predicted that attacks on remote workers will drive cybersecurity threats over the next 12 months.
"Remote workers create no additional vulnerability on their own," Leach stated, noting that concerns about securing remote workers have more to do with adoption of new technologies and learning how to use security controls effectively.
To bolster their defenses, 51% of global businesses are actively investing in remote employee security, with a further 38% planning on investing in it within the next two years, Fastly said in its report.
Overall, IT leaders are increasing their cybersecurity investments to bring in more tools and technologies to defend against threats — 73% said they were increasing cybersecurity investment. Unfortunately, more tools don't necessarily mean better security, as some of these tools may not easily integrate with the existing security stack or with each other, Leach said.
"Instead of buying any number of unnecessary tools, businesses with successful security strategies often work with fewer technologies which work closely together and are deeply integrated with one another," Leach said.