CISOs face rising security debt as attacks increase
CISOs are facing a battle to secure their organizations against an increasing volume of attacks by well-armed criminals and are facing a rising ‘security debt’ in doing so.
But a new report from cyber security provider F-Secure in conjunction with Omnisperience finds security teams are turning away increasing volume of attacks and preventing more of them from becoming breaches or compromises.
Of the CISOs surveyed 96 percent acknowledge that they face a well-organized criminal industry motivated by financial gain. Furthermore, around seven out of 10 CISOs (72 percent) say adversaries are moving faster than they are, and a similar number (69 percent) say their adversaries have improved their attack capabilities in the last 12-18 months.
"Despite pervasive 'security debt' and reporting a rising number of cyber attacks, CISOs say that say the number of incidents, which includes a breach or unauthorized access to a system, they faced remained pretty much the same," says F-Secure's Michael Greaves, security advisor for Managed Detection and Response. "This could be because CISOs have made the right investments. However, it is the incidents that haven't been discovered which worry us most. Because of the sophisticated nature of some of these attacks, organizations may not have the technology or people to identify they are in the middle of a compromise that, for example, may result in a ransomware deployment months down the road."
Problems faced include employees being the primary attack vector, according to 71 percent of the CISOs interviewed, as attackers take advantage of social channels to launch more sophisticated targeted attacks.
The top three threats encountered are phishing, ransomware and business email compromise (BEC). Securing mobile or remote workforces during the pandemic also presents a number of risks, particularly where employees and devices are separated from traditional controls that could prevent their compromise. The majority of CISOs -- 71 percent -- also report that their ideas about what constitutes 'good security' has evolved recently.
You can get the full report from the F-Secure site.