05 February 2024

Fortra’s new ‘2024 Fortra State of Cybersecurity Survey’ found that most organizations anticipate phishing (81%), malware and ransomware (76%), and accidental data loss (63%) will be the top security risks over the next six months, followed by social engineering (55%) and third-party risks (52%).

To address these threats, security professionals’ top five cybersecurity initiatives for this year are: limiting outsider threats (such as phishing and malware) (74%), finding and closing security gaps (73%), improving security culture (66%), securing the cloud (63%), and compliance (62%).

“While these may seem like disparate concerns, they can all be traced back to the headlong rush to the cloud,” said Antonio Sanchez, principal cybersecurity evangelist, Fortra. “The impacts of this rapid migration – weak policies, poor container security, misconfigurations, and gaping security holes – came home to roost in 2023 and the consequences will still be playing out this year. Now, the top focus is on improving controls and processes around phishing and malware followed by identifying the latest attack vectors for hardening. Security leaders know that improving security awareness has a direct correlation to improving phishing and malware defenses, so they have made improving security culture a top initiative as well. Improving security culture should also free up resources so they can focus on cloud security as organizations continue to adopt cloud-first and cloud-preferred strategies.”

In line with this, 64% of respondents in Fortra’s survey reported having a hybrid environment, while 19% were cloud-first, and 12% were cloud-only. The 6% who said they had no plans to move to cloud cited security concerns as the reason to not make the jump (77%).

The research also explored the hurdles hindering the execution of security strategies, with budget limitations (54%), the constantly changing nature of threats (45%), and lack of security skills (45%) topping the list. In addition, the survey revealed that while everyone is seeking to implement principles of zero trust, a quarter said they aren’t planning to due to insufficient resources.

Many organizations are aware that upskilling needs to occur to strengthen their security position, with 67% saying they are focusing on improving the skills of their staff.

Organizations are also leaning into managed security services to offload some of the weight. The most popular areas to offload are: email security and anti-phishing (58%), vulnerability management (52%), data protection (51%), and compliance (40%).