PRESS RELEASE
SAN FRANCISCO, Feb. 14, 2024 /PRNewswire-PRWeb/ — Cobaltthe pioneers of Pentest as a Service (PtaaS), which enables companies to operate fearlessly and innovate securely, today announced the release of the first OffSec move report. The report highlights the evolving state of cybersecurity risks and reveals a huge trend towards mixed offensive/defensive approaches, as well as the improvement in protection achieved by those on the front lines of this change.
After surveying more than 1,200 security professionals employed in DevOps, SecOps, IT Security, Network Security, Cloud Security or InfoSec roles in the US and UK, Cobalt found:
-
Increasing defensive measures (blue teams) helps, but is not enough: while 47% report having increased spending on defensive cybersecurity, 41% reported feeling unsure of their company’s current defensive cybersecurity measures agency; a claim that those who reduced their security budget in the last 12 months were 81% more likely than average to do so. Indicating an important shift, 74% agree that defensive measures are not enough and that their company’s cybersecurity would be stronger if more budgets were allocated for offensive measures.
-
Offsec (red team) move begins: 84% plan to increase the budget for red team operations in 2024, with an average increase of 33%. This comes amid already impressive growth for offensive safety, where 63% say their team conducted more red team drills in 2023 than 2022.
-
The impact of increased offensive testing on security is clear: 75% say their company conducts more regular penetration testing annually than last year. Of these, 82% agree that increased penetration testing has reduced successful breaches by more than 50% over the past 12 months. And 86% say increased penetration testing has significantly accelerated their team’s incident response.
-
As breaches are more costly, organizations work to find the perfect shade of purple: 75% report that the financial impact of data breaches has increased, with the average cost to each company being $1.65 million. This reality drives organizations to search for the right shade of purple. Of those who have invested in purple team operations in 2023, 93% say the integration of the red and blue teams has improved their company’s cybersecurity capabilities. And they believe the ideal split looks like an operational split of 54% defensive and 46% offensive.
“This report shows the importance of OffSec change. This is not a passing trend. It is the necessary reaction to our evolving threat landscape and market conditions that demand real value for every dollar spent on security control. security. Every organization must consider how to do so. brings offensive measures to the forefront of their cybersecurity strategies,” said Caroline Wong, Chief Strategy Officer at Cobalt. “As every organization’s attack surface continues to evolve at an unprecedented pace, investing in comprehensive security solutions is critical to safeguarding digital assets and ensuring businesses are resilient against ever-evolving risks.”
In today’s evolving threat landscape, it is more important than ever for organizations to develop mature offensive cybersecurity measures in addition to existing defensive controls. This combined effort allows organizations to proactively identify and mitigate potential vulnerabilities before they are exploited by attackers, while ensuring protection against existing threats to safeguard sensitive data and maintain business continuity.
The OffSec Shift Report is the first report of its kind. To view the full report and learn more about what it found, visit https://resource.cobalt.io/offsec-shift.
Speaking of cobalt
Cobalt brings speed, simplicity and transparency to manual security testing. Our award-winning Pentest as a Service (PtaaS) model helps organizations keep pace with evolving attack surface and agile software development lifecycles. Thousands of customers and hundreds of partners rely on Cobalt’s modern SaaS platform and exclusive community of more than 400 trusted security experts to protect applications, networks and devices. We provide security testing that supports business drivers, maximizes internal resources, and creates more effective security programs so organizations can operate fearlessly and innovate securely.