How closely aligned are cybersecurity perceptions and reality?

It seems like every week there’s another cyberthreat making news. From ransomware to distributed denial-of-service (DDoS) attacks, there’s no shortage of attack vectors cybercriminals can use to ruin your day, week or quarter.

And none of this news is, well, new. These issues are all top-of-mind for any company that values even a semblance of security and stability. But how prepared are you really? As companies plan for the coming year, do their perceptions of readiness match the reality?

To find out, we recently took the pulse of 1,420 global IT leaders, from CIO and CTOs to CICOs, to find out. You can view the results from our survey in our report: Is Cybersecurity Meeting Today’s Intensifying Challenges?.

In this episode of Cloud Talk, join Rackspace Technology Chief Technical Evangelist Jeff DeVerter, Dr. Laura Faulkner, Head of Rackspace Technology Research Team, and Mindy Schlueter, Product Manager for Elastic Engineering for Security at Rackspace Technology, as they go over some fascinating data and findings from our cybersecurity research project.

When asked how prepared they felt about handling current and future cybersecurity threats, 90% of respondents said they were “fully confident.” As Faulkner explains, perhaps these respondents were overconfident.

“This perception doesn’t jibe with the stats,” explains Faulkner. “Only 12% are truly where they should be, exploring DevSecOps and baking in the security from the very beginning. But I was surprised how few people actually are integrating DevSecOps practices today.”

But there must be a reason why these companies feel like they are on the right track… so what are they spending their time and energy on? According to Schlueter, they’re using valuable resources on irrelevant technologies.

“Where they are strong is in network security, and endpoint protection — those are things that our customers feel they have a good handle on,” explains Schlueter. “And they are very mature in those fields. But the challenge is that when migrating their workloads to the cloud, some of those perimeter security controls are just not as relevant as they used to be.”

Today, cybersecurity requires a new way of thinking. When we asked our respondents to identify the greatest security challenges they were facing, only 5% cited hygiene factors, which also doesn’t align with what we are seeing.

“That's very counter to what I experienced working with customers in their environments,” recalled Schlueter. “I see a lot of breaches in the news that result from simple misconfigurations. Things like unsecured data in an S3 bucket, or some identity left sitting out somewhere that someone was able to use to get inside an environment and then escalate privileges and access some really important data.”

“Another one that surprised me that was near the bottom was lack of cybersecurity awareness among business users,” said Schlueter. “That is a huge challenge. It's so simple for anyone to click on a malicious file in their email and expose their company to huge amounts of risk. There are a million ways to get into a network, and one of the most common attack vectors is through email. I found that counterintuitive.”

So how should these companies approach cybersecurity going forward? One of the most effective means is via partnership with an experienced provider who can work with in-house IT teams to get them up to speed.

“86% of respondents said that their biggest challenge was lack of expertise,” explained Schlueter. “This is where partnering makes an awful lot of sense. You don't just need one type of person to solve these problems. You need a cross-section of different skill sets. And these companies want their own security experts on the job. And that’s where something like Elastic Engineering is perfect. We don’t just take it over. We work side-by-side, using our “do-with” approach, to get our customers up to speed so they can take over.”

You shouldn’t be ashamed to admit you have gaps in security. Every company does. But as this research has shown, through being honest with yourself and a willingness to learn how cybersecurity is evolving, you can shore up those gaps before you're subject to a breach.

Cloud Talk covers topics like multicloud, digital transformation, containers and Kubernetes, IoT, edge computing, data and more. Episodes are short and sweet — around half an hour — and available from Apple Podcasts, Spotify, Stitcher and anywhere else podcasts can be found.