A survey of 1,600 chief information security officers found that more than two-thirds of them (68%) expect a “material cyberattack” on their organizations in the next 12 months.
The survey, which is the basis of the annual “Voice of the CISO Report” by Proofpoint, an enterprise security company, showed a pronounced shift in attitude among the security chiefs toward future threats to their organizations. Just 12 months earlier, fewer than half of the CISOs (48%) saw a cyberattack on their horizon.
This pronounced shift suggests that security professionals see the threat landscape heating up once again, the report noted, and have recalibrated their level of concern to match.
“As we emerged from the pandemic, security leaders felt they had been able to implement more long-term controls to protect their work environment, so there was a sense of calm,” explained Proofpoint’s Global Resident CISO Lucia Milica Stacy.
“However, as the volume of attacks continued to increase, coupled with geopolitical tension and global economic uncertainty, a lot of that optimism wore off,” she told TechNewsWorld.
According to security experts, a number of factors could be contributing to the CISOs’ concerns about increased cyberattacks.
“New vectors of attack continue to emerge — software supply chain compromise, API-connected third parties and SaaS systems, AI-related security risks — each requiring new defensive strategies and skills,” observed Karl Mattson, CISO of Noname Security, a provider of a cloud-native API security platform, in Palo Alto, Calif.
“Meanwhile, traditional threats never go away, such as ransomware or web application attacks,” he told TechNewsWorld. “With security budgets and staffing levels largely remaining flat, the stage is set for more risk exposure this coming year.”
A proliferation of endpoints in the enterprise also gives CISOs increased reason for alarm.
“IT leaders are finding it increasingly difficult to gain comprehensive visibility, security, compliance, and control to protect every employee, on every device, from every location,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company, in Chicago.
“The expanding attack surface is particularly concerning with cyberattacks on the rise and IT security teams competing for talent as macroeconomic conditions are tightening budgets,” he told TechNewsWorld.
Adoption of as-a-service models by threat actors also increases the likelihood of an organization coming under attack in the next 12 months. “Phishing-as-a-Service and Ransomware-as-a-Service enable a significant increase in the number and scale of cyberattacks,” explained Avishai Avivi, CISO of SafeBreach, a provider of a breach and attack simulation platform, in Tel Aviv, Israel.
“At that point, it becomes a statistical reality,” he told TechNewsWorld. “The more attacks, the higher likelihood of an attack succeeding.”
Proofpoint also reported that CISOs believe employee turnover has become a risk to data security. More than eight out of 10 of the security chiefs (82%) told researchers that employees leaving their organization has contributed to a data loss event.
“Resource constraints and the great reshuffle of employees are a potential underlying cause of the high percentage of CISOs being concerned about the loss of sensitive data because of employee turnover,” Stacy said.
The two sectors affected the most by turnover were retail (90%) and IT, technology, and telecoms (88%), the report noted.
These trends leave security teams with a near-impossible challenge, it continued. When people leave, stopping them from taking data is difficult.
Some organizations require written guarantees from former employees that they will delete all company data, it added. Others threaten new employers of potential liability if an employee shares any data from their old job. But neither is close to being a satisfactory solution.
“Many employees, upon their departure, attempt to take some aspect of their work with them,” said Daniel Kennedy, research director for information security and networking at 451 Research, which is part of S&P Global Market Intelligence, a global market research company.
“For salespeople, that can be contacts or customer account information. For other employees, it can be a form of intellectual property, models they worked on or code, for example,” he told TechNewsWorld.
“When I was a CISO,” he recalled, “I definitely correlated hits on our various data loss platforms and employees departing. I could generally predict when someone was going to give a resignation based on their behavior.”
The increased concern of CISOs about insiders contributing to data loss represents a departure from past thinking on the subject.
“What has changed recently is a shift in thought from ‘it’s wrong to distrust employees’ or ‘we hire the best’ to ‘we have to secure ourselves from all kinds of threats,’” observed Sourya Biswas, technical director for risk management and governance at the NCC Group, a global cybersecurity consultancy.
“Recent U.S. defense leaks by insiders Jack Teixeira, Chelsea Manning, and Edward Snowden may have helped shape this narrative,” he told TechNewsWorld. “It’s not the prevalence of the malicious insider that changed, but rather the awareness around it.”
The level of distrust of employees displayed in the survey probably says more about a company’s overall culture than anything else, maintained Daniel Schwalbe, CISO of DomainTools, an internet intelligence company in Seattle.
“But it can also be attributed to the increase in remote work, which makes some CISOs feel like they are losing visibility into where their data ends up,” he told TechNewsWorld. “The current realities of a remote workforce throw the pre-pandemic corporate network with tight edge controls out the window.”
Proofpoint’s report also found that most organizations are likely to pay a ransom if impacted by ransomware. Three out of five CISOs surveyed (62%) believed their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.
The report added that the CISOs’ organizations were increasingly relying on insurance to shift the costs of their cyber risks, with 61% saying they would place a cyber insurance claim to recover losses incurred in various types of attacks.
“Over the past five years, there has been general encouragement by cyber insurance companies to pay ransoms and for the cost to be covered by their premiums,” said Chris Cooper, CISO of Six Degrees, a cybersecurity consulting company, in London and a member of the ISACA Emerging Trends Working Group.
“This is, fortunately, changing, as paying ransoms only further excites incidents,” he told TechNewsWorld.
“There is also increasing evidence that some groups are coming back for a second bite at the cherry,” he added.
Proofpoint Executive Vice President of Cybersecurity Strategy Ryan Kalember urged security leaders to remain steadfast in protecting their people and data, despite trying challenges.
“If recent devastating attacks are any indication, CISOs have an even tougher road ahead, especially given the precarious security budgets and new job pressures,” he said in a news release. “Now that they have returned to elevated levels of concern, CISOs must ensure they focus on the right priorities to move their organizations toward cyber resilience.”
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
Copyright 1998-2023 ECT News Network, Inc. All Rights Reserved.