Training and crisis scenarios find that defenders take months, not days, to learn about the latest attack techniques, exposing organizations to risk.
Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analyzing training and crisis scenarios.
The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.
The amount of time it takes for security professionals to get up to speed on new threats matters — CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Read more: https://bit.ly/3tHiU2A