A New Survey Shows that Two Out of Three Global CISOs Are Not Ready to Handle a Targeted Cyberattack
More Than Half of Study Participants Think that Human Error Is Their Company’s Biggest Liability.
According to a new study conducted by the leading cybersecurity and compliance company Proofpoint, two-thirds of CISOs declared that their businesses are not prepared to face a targeted cyberattack.
More than 1000 Chief Information Security Officers (CISOs) worldwide have voiced concerns about the security consequences of the massive shift to remote work since the pandemic started.
Throughout the first quarter of 2021, 100 CISOs were interviewed in each market across 14 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia (KSA), Australia, Japan, and Singapore, with many calling attention to important issues in the current cybersecurity landscape.
Proofpoint global resident chief information security officer Lucia Milică stated that CISOs are now encountering a “constant barrage of attacks from all angles” and have had to take new measures to be ready for the challenges of maintaining a hybrid workforce.
The pandemic placed an enormous strain on the global economy, and cyber criminals took advantage of this disruption to accelerate their nefarious activities. We were inundated with cyberattacks, both new and familiar, from pandemic-themed phishing scams to the unwavering march of ransomware.
On average, 64% of CISOs said they felt their company is in danger of experiencing a targeted cyberattack in the next year, with more than 65% of CISOs from the U.S., France, UAE, Australia, Sweden, Germany, and the U.K. expressing this fear.
The fear was highest among CISOs in the U.K., at 81%, and Germany, at 79%.
The fear was highest among CISOs at retail companies and was lowest among those working in the public sector.
66% of participants stated they did not think their business was ready to manage the consequences of a cyber assault, particularly CISOs in the Netherlands, Germany, and Sweden.
The answer regarding the types of attacks they expect was unclear, with CISOs mentioning various threats including business email compromise (34%), cloud account compromise (33%), and insider threats (31%). They also cited phishing, ransomware, and DDoS attacks.
Many of them said that the recent rise in the number of cyber assaults was being aggravated by the pandemic, the change to remote work, and quickly deployed remote environments that made it hard to protect private data and information.
More than half said they have witnessed more targeted cyberattacks since remote working started at the beginning of the pandemic. Almost 70% of participants who manage more than 5,000 employees reported that their workforce has been targeted more since remote working began.
Almost all of them declared they have had to institute more powerful security policies since March 2020.
As we said before, human error is now considered one of the biggest liabilities of an organization. Michigan State University CISO Seth Edgar said that threat actors used to concentrate on abusing infrastructure, but it is now clear that they target people.
Our focus has shifted to protecting people, which illustrates the changing boundary of security. That boundary has gotten very personal, very quickly.
Unfortunately, the absence of technical tools and of support from its managers makes it hard for an enterprise to detect a cyberattack. When it comes to this, fewer than two-thirds said they were prepared.
A majority of CISOs stated that over the next two years they expected an 11% growth in cybersecurity budgets, but 32% said they expected their budgets to be reduced.
They are also concerned about the profitability of these attacks: 63% of participants said they expect the operations to be even more profitable in the future.
According to them, punishment for cyberattacks will also increase.
With 66% of them working for enterprises with more than 5000 workers, they call the expectations “excessive.” 50% of the survey participants said that given the circumstances, it is almost impossible to be successful.