Kaspersky: Most CISOs Say Cyber Attacks Are Inevitable

Published: 23/11/2024   Category: security




The Kaspersky Lab report says that while the relationship between executives and CISOs is improving, there continues to be a disconnect around such issues as budgets and the risk of threats.



The bulk of companies' top security officials believe that cybersecurity breaches are inevitable, according to a report by Kaspersky Lab that also highlighted the changing roles of CISOs and their uneasy relationships with other C-level executives.
The report, What It Takes to Be a CISO: Success and Leadership in Corporate IT Security, paints a picture of chief information security officers under increasing pressure to protect their companies against attacks that are extremely difficult to prevent while often lacking the financial resources they say they need and vying with other departments for budgets.
In addition, while many feel they are adequately involved in the business-decision process, their roles in defending against cybersecurity attacks may not be a high enough priority, according to Kaspersky researchers.
However, while there may be ongoing tension in the CISO's relationship with other top executives regarding budgets and the reality of today's modern security environment, things seem to be improving, even if only gradually.
Although a number of studies have been released quantifying the impact of a breach, the ROI of IT security expenditure can still be hard to argue, as most calculations include probabilities and assumptions on the damage caused by breaches, including direct financial losses and the costs associated with reputational losses, Andrey Pozhogin, cybersecurity expert at Kaspersky, told Security Now in an email. Therefore, there continues to be some disconnect between top-level management and CISOs in regards to security expectations.
However, Pozhogin said, overall the relationship between executives and CISOs has strengthened in recent years. He noted as an example that the portion of IT budgets spent on security has increased in North America over the past year, for both enterprises and SMBs. This is evidence that cybersecurity is becoming more of a boardroom issue and a priority for companies of all sizes.
The survey, conducted by PAC for Kaspersky, questioned 250 IT decision makers in the manufacturing and service sectors earlier this year. Among the key findings is that 84% of CISOs in North America said that cyberbreaches are inevitable, listing ransomware, phishing, general malware and Trojans as among the most difficult types of attacks to respond to. Forty percent said financially motivated criminal gangs were the largest IT security risk, followed by malicious insider attacks (29%), and that such attacks were very difficult to prevent.
The ongoing digital transformation within most companies only heightens the risk of cybersecurity threats. The cloud and the uncontrolled cloud expansion by lines-of-business was cited by survey respondents as the top security risk, followed by social networks and mobility, all key factors in increasingly digital businesses. They also listed complex infrastructures involving the cloud and mobility, managing personal data and sensitive information, and the increase in cyber attacks as the top challenges CISOs face.
Kaspersky researchers note that the trend toward digital transformation should mean that cybersecurity becomes a top priority, which should lead to the CISO evolving to become more influential in important business decisions. Pozhogin added that 58% of CISOs said they are adequately involved in decision-making, an indication that their influence is growing.
However, in addition to just involvement, it is important that security leaders are a part of the organizational hierarchy, he said. Having a CISO at the executive level is still only typical in enterprises that are highly digital, highly sensitive or very large, and in North America, just 40 percent of cybersecurity managers are part of the C-suite. While the trend is headed in the right direction, there is still plenty of room to grow.
Other cybersecurity vendors have echoed the sentiment.
Trend Micro researchers in September noted that despite the rapid growth worldwide in the number of intelligent connected devices, only 38% of Internet of Things projects include input from CISOs and other IT security professionals. (See Why CISOs Need a Seat at the IoT Projects Table.)
There also is a disconnect between CISOs and executives regarding budgets. Budgets are growing -- 60% of CISOs in North America expect to see increases -- but getting the money they believe they need is difficult. There is no clear ROI that can be presented to executive teams for security spending and security professionals can't guarantee 100% protection from cyber threats. Thirty-six percent of CISOs surveyed said not being able to promise there won't be a breach has led to them not being able to get the security budgets they believe they need.
This is despite the growing understanding of the damage a breach can do to a company, both financially and to their reputations. Gemalto researchers found that the number of records breached in the first half of 2018 jumped 133% compared to the first six months last year, to 4.5 billion records. In addition, reports by CompariTech and Kaspersky found that data breaches can impact companies' long-term stock prospects and even cost C-level executives their jobs. (See Gemalto: 4.5B Records Breached in First Half of 2018.)
The misalignment between CISOs and other executives most often happens because of a failure to clearly communicate the risk of an attack and its potential impact on the company's bottom line, Pozhogin said. CISOs being experts in information technology and security tend to better understand the threat landscape and potential implications of each specific threat targeting their network. Other executives do not always have the same depth of understanding and the same level of operational insight, and thus they may downplay the risks, hoping that a minimal investment will suffice to establish a strong enough layer of defense.
Executives also tend to rely on hope for the better, falling victim to the misconception that some industries are less likely to draw the same level of attention from attackers as others because there's nothing to steal and that companies that fall victim to a breach are targeted for reasons that aren't relevant to their own organization, he said.
Related posts:
California's CCPA Law: Why CISOs Need to Take Heed
Data Breach Can Affect Company's Long-Term Stock Price
Data Breaches Costing More C-Level Executives Their Jobs
Employees Remain the Weak Link in Your Company's Cybersecurity Plans
— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
