Sophos Summit 2021: Attendees’ Real-world Cybersecurity Experiences

Hear what the IT professionals that attended the Sophos Cybersecurity Summit 2021 had to say about emerging tech, risk management, cyber threats, SOCs, and bringing young people into the industry.

The Sophos Cybersecurity Summit 2021 brought together thousands of industry leaders, threat experts, and IT security professionals at our Americas and EMEA events.

Attendees contributed and responded to the presentations and discussions via live polls and open Q&A, sharing their personal cybersecurity experiences. Through this live participation, delegates provided a fresh and revealing insight into the reality facing cybersecurity professionals today.

Check out the results below and see how your own experiences compare. And if you weren’t able to join us, don’t worry. All sessions are available to watch (or re-watch) on-demand.

Emerging Technologies and Assessing Security Risk

Stephanie Balaouras, VP, Group Director, and Renee Murphy, Principal Analyst, of Forrester started the summit by sharing key emerging technologies for 2022, together with a new risk taxonomy that enables organizations to effectively assess the risk they present to the business. Of the emerging human experience and productivity technologies that Stephanie highlighted, attendees at both the EMEA and Americas events are–overwhelmingly–most excited by extended and virtual reality.

While these new technologies bring exciting new opportunities, they also bring new risks to the organization. As a result, being able to assess risk accurately and effectively is essential for their successful implementation.

When it comes to assessing security risk, almost half (47%) of the attendees rated their organization as "Not bad but could do better". One third feel that they are doing pretty well and 6% are completely on top of it. The results were very similar across both events, revealing that security risk assessment maturity is generally consistent across different geographic regions.

Download the Forrester report authored by Stephanie and Renee to dive deeper into the top emerging technologies and get the Forrester risk taxonomy that enables you to quickly identify the most critical risks.

Cyber Threats

Two thirds (66%) of attendees said the number of cyber attacks on their organization increased over the last year, and just 5% experienced a reduction in attacks.

It is therefore unsurprising that phishing and ransomware featured high on the list of security challenges that attendees face. Indeed, these threats were eclipsed only by ‘users’ as attendees’ biggest cybersecurity pain, alongside–for EMEA summit attendees only–a lack of management buy-in. Ransomware and phishing were also cited as the worst cyber criminal pressure technique at both events.

In his presentation on the Sophos Threat Report, Chester Wisniewski, Principal Research Scientist at Sophos, explored the latest ransomware trends, including the changing business model adopted by ransomware gangs and the increase in extortion-style attacks.

Across both events, attendees reported a strong mistrust of ransomware gangs, with four in five saying that you can never trust them to keep their word. Just 2% feel that you can generally trust ransomware actors.

To dive deeper into the latest threat trends, including the evolving ransomware threat, read the Sophos 2022 Threat Report.

Exploring the SOC

Security Operations Centers (SOCs) were a core focus for the summit. Over half of attendees have a SOC with 30% running an internal SOC and a similar percentage (26%) working with a third-party SOC.

Within the SOC, alert triage is a key task for many human operators. Over half (54%) of poll respondents reported that their SOC team spends 10% or more of their time on triage, with almost a quarter (22%) spending 25% or more of their time on this activity.

Chris Kissel, Research Director at IDC, explored different ways that organizations can take advantage of machines and analytics to carry out what he called ‘SOC drudge work’. 20% of poll respondents are already using machines and analytics regularly or extensively to reduce the burden on human operators, while a further 28% are in the early stages.

Cybersecurity Careers and Engaging the Next Generation

The future security of our organizations is dependent on bringing in the future generation of cybersecurity professionals. Kyla Guru, Gen Z cybersecurity leader and social entrepreneur, provided an invaluable insight into the mindset and focus of today’s young people, together with practical guidance on how to interest them in a cybersecurity career:

  1. Educate on the different roles available within cybersecurity. Let young people know about the broad range of cybersecurity jobs that exist–if they don’t know about a role it’s hard to make it a future career focus
  2. Make cybersecurity relevant. Engage with young people on cybersecurity in a way that is meaningful for them, and their experiences to date
  3. Provide hands-on opportunities. Give young people the opportunity to learn real-world cyber defense skills and build their interest in this area–and your organization–as a future career path
  4. Go to them. We need to engage with Gen Z on the platforms and the communication channels that they use, and not expect them to come to us
  5. Shift the portrayal of people in cybersecurity. Show a more representative and inclusive picture so everyone feels welcome, and reflect the reality of cybersecurity not the Hollywood version

When it comes to the career experiences of summit attendees, just over a quarter (28%) of poll respondents say they always wanted to go into cybersecurity, while half (51%) had other jobs in mind.

42% of respondents said the media representation of cybersecurity and cybersecurity jobs had affected them and their career choices, with 13% significantly affected.

Over half (54%) said that their organization already engages with young people on cybersecurity, with 21% very active in this area. For the remaining 46%, this presents an opportunity to develop a future staffing pipeline.

And Finally, Clue(do)

Chris Kissel, Research Director at IDC, drew a parallel between cybersecurity and the board game Clue/Cluedo; as a defender you’re looking to identify the who, where and how to resolve the situation, just as you do in the game. This was one area where our regional attendees diverged. While Colonel Mustard was revealed as the #1 culprit in Americas households, Professor Plum is the main offender in EMEA. Maybe it’s the way they make the cards…

Watch All Sessions On-demand

All sessions from the Sophos Cybersecurity Summit 2021 are available on-demand. If you’d like to discuss your security requirements and how Sophos can help, please reach out to your Sophos representative or request a call back.