CISOs face rising security debt

15 April 2021


If only there was a security credit card

CISOs face a rising 'security debt' to secure their organisations against an increasing volume of attacks by well-armed criminals, according to a new report from cybersecurity provider F-Secure in conjunction with Omnisperience.

The report said that despite going up against a criminal industry that enjoys advantages when it comes to speed and shared weaponry, CISOs and their teams report turning away an increasing volume of attacks and preventing more of them from becoming breaches or compromises.

In addition to the lure of successful high-profile ransomware attacks, service and affiliate models make threat groups more effective. The sharing of tooling and offensive knowledge makes it easier to conduct more attacks against more targets.

An overwhelming percentage of the CISOs (96 percent) acknowledge that they face a well-organised criminal industry motivated by financial gain. Furthermore, about seven out of 10 CISOs (72 percent) say adversaries are moving faster than they are, and a similar number (69 percent) say their adversaries have improved their attack capabilities in the last 12-18 months.

F-Secure's Michael Greaves said that despite pervasive 'security debt' and reporting a rising number of cyberattacks, CISOs say that the number of incidents they faced, which includes a breach or unauthorised access to a system, remained pretty much the same.

"This could be because CISOs have made the right investments. However, it is the incidents that haven't been discovered which worry us most. Because of the sophisticated nature of some of these attacks, organisations may not have the technology or people to identify they are in the middle of a compromise that, for example, may result in a ransomware deployment months down the road."

Employees are the primary attack vector, according to 71 percent of the CISOs interviewed, as attackers take advantage of social channels to launch more sophisticated targeted attacks.

The top three threats CISOs and their teams face are phishing, ransomware and business email compromise (BEC).

Securing the mobile or remote workforce, which has exploded during the pandemic, presents many risks, mainly where employees and devices are separated from traditional controls that could prevent their compromise.

A vast majority of CISOs (71 percent) report that their ideas about what constitutes "good security" have evolved.

Last modified on 15 April 2021