
Tenable Blog


Cybersecurity Snapshot: 6 Things That Matter Right Now

Cybersecurity news analysis: Skills gap, attack surface, password woes

Topics that are top of mind for the week ending Oct. 21 | The problem with Gen Zers and Millennials | Global shortage of cybersecurity pros worsens | An informal poll about attack surface growth | Password usage drops a bit | And much more!

1 – CISOs beware: Younger workers take more cyber risks

This may sound counterintuitive, but employees between ages 18 and 41 tend to be less careful regarding cybersecurity. So take note, CISOs: You may need to intensify security awareness and training efforts aimed at workers from the Gen Z and Millennial generations.


Although they’re tech savvy “digital natives,” these employees are more likely to engage in risky behavior than their older counterparts, according to Ernst & Young’s “2022 EY Human Risk in Cybersecurity Survey.”

Specifically, a higher percentage of Gen Zers and Millennials:

  • re-use passwords for personal and professional accounts
  • ignore required IT updates for as long as possible 
  • accept browser cookies every time or often

Recommendations for strengthening employees’ cybersecurity knowledge and preparedness include:

  • Provide training that’s relevant to their roles at least once a year. This makes them more likely to adopt practices like using strong passwords, flagging phishing attempts and encrypting data.
  • Don’t respond to employee mistakes with punishments but rather with education. A positive security culture makes employees more willing to seek help and report incidents.
  • When providing security training, don’t limit it to workplace practices, but rather include information that’s applicable to employees’ personal lives. 

For more information about the survey, which was based on a poll of 1,000 U.S. employees who use a work-issued computer, read a summary of the findings.


2 – Security concerns hurt usage of digital government services 

To boost citizens’ usage of their digital services, government agencies worldwide must improve on several fronts, including cybersecurity. As things stand now, there’s a global “confidence gap” in governments’ ability to secure citizens’ digital data.

That’s according to a new Accenture study titled “Public service experience through a new lens,” based on a survey of 5,500 consumers and 3,000 public service workers in 10 countries in North America, Europe and Asia-Pacific.

A key finding: 53% of people surveyed said that accessing public services is frustrating. Overall, the study found citizens want public service experiences to be simple, empathetic and secure.


Zooming in on the security aspect, the study urges governments to boost their security practices to strengthen the level of trust placed in them by both citizens and public servants.

  • Among citizens surveyed, only 49% said they’re confident that government agencies use their data for what they say. 
  • Only 33% of government employees surveyed said they receive cybersecurity and data security training.
  • 43% of respondents said they’d be more likely to access digital government services if they felt more confident about data security and privacy.

So how can government agencies improve in this area? According to Accenture, the solution goes beyond technology and involves, among other things:

  • Turning agency leaders into security champions
  • Dissolving organizational silos
  • Prioritizing cultural changes
  • Improving public awareness via “transparent” outreach campaigns

For more information, check out a summary of the report or read the full report.

3 – Passwords used less, but still reign among auth methods

The usage of passwords has dropped, but they remain the number one authentication mechanism, dwarfing arguably more secure and convenient methods.

So says a report from the FIDO Alliance, a tech industry consortium that aims to promote the usage of alternative login technologies and the creation of authentication standards.

In its second annual “Online Authentication Barometer” report, the group says password usage is down by 5% to 9% across five main use cases, while the use of one-time passcodes (OTPs) delivered via SMS has inched up between 1% and 4%.

However, the group considers SMS OTPs a “legacy” multi-factor authentication method that offers a minor improvement over passwords, and advocates for the adoption of what it calls modern and “phishing-resistant” methods like on-device biometrics, FIDO security keys and passkeys.

As long as passwords remain the dominant login method, organizations will be impacted by the negative consequences of forgotten and stolen passwords, according to the report, which is based on a survey of 10,000 consumers in 10 countries. 

Frequency of abandoned purchases due to forgotten passwords


(Source: FIDO Alliance’s “Online Authentication Barometer” report, Oct. 2022)

For more details, read the report.


4 – U.S. companies struggle to fill cybersecurity jobs 

Cybersecurity recruiters’ lives aren’t getting any easier. How bad is it out there? Currently in the U.S., there are 65 workers – most of them employed – for every 100 jobs posted.

Meanwhile, demand for cybersecurity pros is outpacing demand for employees across the board, growing 2.4 times faster in the 12-month period ending Sept. 30. Cybersecurity job postings in the third quarter were up 30% year-on-year, and up 68% compared with 2020.

Those Halloween-like stats come via the CyberSeek workforce analytics platform, a joint effort from the U.S. National Initiative for Cybersecurity Education, Lightcast and CompTIA. 

(Source: CyberSeek Heatmap on Oct. 20, 2022)

5 – And the staffing situation isn’t much better globally

3.4 million. That’s the number of cybersecurity pros needed to close the staffing gap worldwide, according to the (ISC)² Cybersecurity Workforce Study.

Although the cybersecurity workforce grew by 464,000 and stands at an all-time high of 4.7 million people, the situation didn’t improve in the past year. Why? The staffing gap grew 26.2% – more than twice the growth of the workforce.

The consequences of this problem are significant, as shown in the graph below, based on the study’s survey of almost 5,000 cybersecurity pros whose teams have staff shortages.

The cybersecurity staffing situation doesn't look good globally

(Source: “(ISC)² Cybersecurity Workforce Study,” Oct. 2022)

So what can be done? This is a sampling of steps organizations are taking to attract and retain workers, based on the report’s survey of almost 12,000 cybersecurity pros and decision makers globally:

  • Provide flexible conditions, such as working from home (cited by 64% of respondents)
  • Invest in training (64%) and in certifications (58%)
  • Automate aspects of cybersecurity jobs (57%)
  • Hire for aptitude and attitude, and train for technical skills (50%)
  • Broaden geographic boundaries for hiring
  • Recruit among employees who don’t work in IT and security


6 – A poll on attack surface woes

It’s no secret that the attack surface is expanding due to the adoption of modern technologies that make IT environments more distributed, heterogeneous, ephemeral and, ultimately, harder to defend. To get a reality check, we polled Tenable webinar attendees on this topic, and this is what they said.
