CISOs face constant challenges to avoid drowning in "security debt." Overwhelmed security officers work every day to ensure that more and more security breaches do not result from increasing attacks.
CISOs face an increasing 'security debt' to protect their organizations against the increasing number of attacks by well-equipped criminals. The criminal industry has the advantage in terms of speed and resources used. Still, CISOs and their departments can mitigate a growing number of attacks to prevent more breaches or compromises, according to a new report from cybersecurity provider F-Secure in partnership with Omnisperience.
“72 percent of the opponents act faster than the companies”
An overwhelming percentage of CISOs (96 percent) admit they are dealing with a well-organized, profit-driven criminal industry. In addition, around seven in ten CISOs (72 percent) say their opponents act faster than they do themselves. A similar number (69 percent) say their opponents have improved their attack capabilities in the past 12 to 18 months.
Ransomware attacks are successful and high-profile. The threat actors' service and partner models make attacks even more effective and make it easier to carry out more attacks against more targets. But "despite this fact, CISOs say that the number of incidents, which include a break-in or unauthorized access to a system they faced, has remained pretty much the same," said Michael Greaves, security advisor for Managed Detection & Response at F-Secure. “That could be because the CISOs made the right investments. However, it is the incidents that go undetected that worry us most. Because of the complexity of some of these attacks, organizations may not have the technology or the people to understand that they are in the middle of a compromise that, for example, may not lead to a ransomware attack until months later ”.
Daily issues that CISOs face
The report covers many aspects of the complex dilemmas that CISOs face on a daily basis:
- Employees are the primary attack vector, according to 71 percent of the CISOs surveyed, as attackers use social channels to launch increasingly sophisticated targeted attacks.
- The top three threats that CISOs and their departments face are Phishing, Ransomware, and Business Email Compromise (BEC).
- Securing mobile or remote workforce, which has exploded in the wake of the pandemic, carries a number of risks, especially when employees and devices are separated from traditional controls that could prevent them from being compromised.
- The vast majority of CISOs (71 percent) report that their ideas about what constitutes “good security” have changed recently.
The CISOs' New Dawn report is based on in-depth interviews with 28 CISOs from the US, UK and other European countries. Find out more about how the attack landscape looks like from the perspective of top enterprise cybersecurity professionals.
More at F-Secure.com
Via F-Secure Nobody has a better insight into real cyberattacks than F-Secure. We bridge the gap between detection and response. To do this, we leverage the unmatched threat expertise of hundreds of the best technical advisors in our industry, data from millions of devices using our award-winning software, and ongoing innovations in artificial intelligence. Leading banks, airlines and corporations trust our commitment to fight the world's most dangerous cyber threats. Together with our network of top channel partners and over 200 service providers, it is our mission to provide all of our customers with tailored, enterprise-grade cybersecurity. F-Secure was founded in 1988 and is listed on NASDAQ OMX Helsinki Ltd.