A perfect storm of rising cyberattacks and global technology innovation leaves 61% of chief information security officers (CISOs) only ‘fairly confident’ in managing their current threat exposure. A recent report from Crossword Cybersecurity Plc explores the findings in greater depth.
Crossword Cybersecurity Plc, the cybersecurity solutions company focused on cyber risk and strategy, has released a new report based on the results of a survey of over 200 UK CISOs and senior cybersecurity professionals. The report, Strategy and collaboration: a better way forward for effective cybersecurity, reveals that businesses are more concerned about and exposed to cyber threats than ever before, with nearly two-thirds (61%) describing themselves as “fairly confident” at best in managing their current exposure to cyber threats, a finding that should turn heads in the boardroom.
Respondents also feared that their cyber strategy would not keep pace with technological innovation and changes in the threat landscape. Just under half (40%) believe their existing cyber strategy will be outdated in two years and another 37% in three years. Additional investment is needed to address longer-term planning, with 44% saying they only have enough resources in their organization to focus on immediate and medium-term cyber threats and technology trends.
The daily shootout
CISOs and cyber professionals report struggling to manage today’s cyber security risks across the board. When asked about the day-to-day aspects of securing their business on a scale that includes ‘a little, some or a lot of challenge’, respondents rated the following areas as at least somewhat challenging (total challenging numbers in parentheses):
- Detect or identify the occurrence of a cybersecurity event or threat: 56% (85%)
- Third parties disclosing violations on time: 55% (85%)
- Understand and anticipate new or potential future strategies used by threat actors: 55% (84%)
- Ensuring the entire supply chain is tight in its ability to defend and recover from threat actors: 52% (83%)
Juggling cybersecurity priorities
Organizations not only feel like they’re chasing their next cyber strategy, they’re also struggling to deliver on the one they have now. CISOs highlighted the following key priorities over the next 12 months:
- The cyber skills gap within organizations is the highest strategic priority (31%). This has been an ongoing issue facing the IT industry, and cybersecurity teams can quickly become overwhelmed without the right expertise to manage the load. The effects of this can be devastating, creating risk vectors that can be exploited and can lead to human error under pressure or a missed threat. Instead of looking for new people, the gap could be partly addressed by devoting more resources to training and upskilling, but this is difficult when team capacity is already stretched to the limit.
- The next highest priority highlighted by CISOs is the challenge of getting consistent and reliable ‘threat intelligence’ (28%), with many reports relying on informal information-sharing networks.
- Digital identity protection (27%) was also identified as key due to the risks posed by hackers obtaining credentials and posing as users to access data and systems.
“The picture our research paints shows that CISOs are in dire need of a strategic rethink,” said Stuart Jubb, group managing director at Crossword Cybersecurity plc. “CISOs need to balance the day-to-day burden of their cybersecurity operation with managing the long-term requirements of the organization. Boards need to make sure CISOs have the budget to handle short-term issues and then start planning a long-term business strategy. Such a strategy must be supported by a standard operating model with robust processes and policies throughout the company’s supply chain. Every month of delay leaves companies exposed to potentially devastating cyberattacks.”
Tech trends that matter to cyber professionals
CISOs were also asked about the technology trends they considered most important and relevant for the next 12 months. Several technology categories stood out, with cloud transition and cloud cyber leading the way (41%), followed by cyber security mesh architecture (CSMA: 35%) and AI/machine learning (31%).
Deciding how each of these categories will fit into the short-term cyber objectives and long-term strategy of UK organisations will be a serious consideration. However, respondents reported having a clear vision of the most important technology components they want to address in their cybersecurity plans in the near term, compared to the next three to five years. Three-quarters (75%) said software verification, which helps ensure a program is safe, will be an immediate focus or a focus during the next 12 months; 69% said the same of moving to the cloud, and 69% of dealing with ransomware escalation. A similar number (65%) identified CSMA, a method of making cybersecurity products interoperable, as a key technology. Other featured technologies included:
- Zero Trust and identity security (62%)
- Computing/quantum data stores (55%)
- AI/machine learning (55%)
Jubb concluded: “Cybersecurity today is in a tighter iterative cycle than in the past. It requires organizations to take a more strategic and collaborative approach: We recommend appointing a chief cybersecurity strategist and letting the CISO deal with immediate challenges. Managing day-to-day risks is a difficult balancing act, but it can be done if CISOs have the right resources to upskill their teams and tools that leverage AI to deliver efficiencies and automation to help protect their organization and your supply chain against today’s threats.”
Professor Tim Watson, Program Director, Defense and Security, The Alan Turing Institute and Director, WMG Cyber Security Center, University of Warwick, commented: “Collaboration is especially important when it comes to protecting critical national infrastructure because it’s rapidly becoming a whole new theater of conflict between Nation States. It’s also not particularly easy because there are so many public and private stakeholders.”
Muttukrishnan Rajarajan (Raj), Professor of Security Engineering and Director of the University of London’s City Institute of Cyber Security, commented: “Fighting ransomware is an area of great interest in the research world, so I’m not surprised it scored high in the survey. We’re often tasked with working on projects that focus on just this: an attack on one SME can bring an entire supply chain to a halt, as we saw recently with the vulnerabilities introduced through Log4J code libraries”.