Just 16% of IT security professionals believe that their bosses and company boards have taken a greater interest in their roles as a result of the WannaCry and NotPetya cyber-attacks of 2017. This is according to new research conducted by Unified Security Management and crowd-sourced threat intelligence specialist, AlienVault.
The research, which surveyed 233 IT professionals globally about how their roles have changed following these high-profile attacks, found that just 14% have had their budgets for cyber security increased, and only a fifth (20%) have been able to implement changes or projects that were previously put on hold.
Risks grow yet budgets fall
The findings follow a separate research report from PwC which found that UK businesses have cut their cyber security budgets by a third, compared to the same point last year.
As Javvad Malik, security advocate at AlienVault, explains: “WannaCry and NotPetya are generally believed to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture. Destructive malware poses existential threats to companies across all industries and can no longer be ignored. To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks.”
Worryingly, 13% of IT professionals whose organisations were affected by WannaCry or NotPetya felt that they were blamed for their organisations falling victim. As a result, many IT teams have worked hard to strengthen their organisation’s cyber security in the wake of these attacks.
Two-thirds (66%) are more up-to-date with patching than they were previously, and half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats. In addition, 58% carried out a review of their organisation’s cyber security posture following the attacks.
Javvad Malik continues, “Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, point towards a panicked reaction from management tiers. Given the unpredictable nature of today’s security environment, organisations should focus their efforts on detection and response.”
The research also explored whether IT professionals have noticed any changes in the way others treat them, following the high volumes of media attention around WannaCry and NotPetya. Almost a quarter (23%) reported that their family and friends are more interested now in hearing about their work. In addition, 28% believe that most people in their organisations listen to their IT advice more than they did before.
However, despite the widely reported IT security skills shortage, just 10% of those surveyed have experienced an increase in job offers, or managed to negotiate a pay increase, following the attacks.
Javvad Malik adds, “The IT security profession remains a very tough place to work, where resilience is the key to success – particularly if you are blamed in the event of your company suffering a security incident.”