Hafnium and DarkSide are among the top cybercrime groups of interest to cybersecurity professionals, according to a cyber workforce report.

The Cyber Workforce Benchmark report from Immersive Labs analyzed cyber knowledge, skills and judgment from over half a million exercises and simulations run by more than 2,100 organizations in the last 18 months. These were broken down to understand the workforce cyber capabilities of cybersecurity, application security and crisis response teams.

The report found that cybersecurity teams prioritize knowledge, skills and judgment development against high-profile threat groups. The top five groups of interest are:

  1. UNC2452 (Solarwinds)
  2. Iranian Threat Groups
  3. Fin 7
  4. Hafnium
  5. DarkSide

Capability development is significantly more rapid with such groups. The knowledge, skills and judgment to defend against SolarWinds, for example, was built nearly eight times quicker than average.

Analysis of 35,000 cybersecurity team members inside 400 large organizations reveals it takes over three months (96 days) on average to develop the knowledge, skills and judgment to defend against breaking threats, except with Log4j. Infrastructure and transport are the two slowest sectors, taking an average of more than four months (137 days) to ensure skills development after a threat emerges. A long lag in human capabilities contrasts significantly with the widely accepted need for swift technical remediation. Government cybersecurity bodies, for example, suggest patching as quickly as 48 hours after a vulnerability emerges. Log4j was an exception to this rule, with cybersecurity teams developing human capabilities within just two days. 

Ransomware causes great uncertainty for crisis response teams. Seven out of the top 10 least confidently answered crisis scenarios across the entire platform were focused on this threat. When asked, 83% of all organizations chose not to pay the ransom; however, 18% of government crisis response teams did, despite often being against official guidance.  

For more information on the report, click here.