Top Challenges Include Human Error & Risk

In Proofpoint’s 2024 Voice of the CISO report, the cybersecurity firm found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets often don’t change, and AI can both help and hurt CISOs’ efforts.

Regarding the specific threat risks, 41% of the CISOs mostly fear ransomware attacks, followed by malware (38%), email fraud (36%), cloud account compromise (34%), insider threat (30%) and distributed denial of service (30%) attacks.

Biggest threat risks as perceived by CISOs for the next 12 months. Image: Proofpoint

For this report, the research firm Censuswide surveyed 1,600 CISOs from organizations of 1,000 employees or more across different industries in 16 countries.

CISOs’ main people-centric security concerns

According to the survey, more CISOs than ever believe human error is the biggest vulnerability for their organizations; 74% of the CISOs feel this way, up from 60% in 2023.

Percentage of CISOs by country who consider human error as their organization’s biggest vulnerability. Image: Proofpoint

In addition, 80% of CISOs see human risk as a key cybersecurity concern over the next two years, up from 63% in 2023. This is where AI comes into play, as 87% of CISOs want to deploy AI-powered technologies to fight human vulnerability and block human-centric cyber threats.

Concerning threats also include malicious insiders (36%) and compromised insiders (33%).


Data loss events and threat mitigation

Negligent or careless employees are seen as the biggest cause of data loss events for CISOs (42%) over external attacks (40%). According to the Proofpoint report, 73% of CISOs added their data loss events were caused by employees leaving their organization.

Cause of data loss events, as reported by CISOs who dealt with a material loss of sensitive information in the past 12 months. Image: Proofpoint

The results of these data loss events are mostly financial loss (43%), post-attack recovery costs (41%) and loss of critical data (40%).


To fight the data loss problem, many CISOs educate their employees about computer security best practices (53%), use cloud security solutions (52%), deploy data loss prevention technology (51%), endpoint security (49%), email security (48%) or isolation technology (42%).

This adoption of DLP has surged from 35% to 51% in a year, with the result being 81% of CISOs believing their data is well protected.

An increasing number of cybersecurity threats

Proofpoint stated the attack surface of organizations has never been larger for various reasons, including that hybrid work has become standard while reliance on cloud technology has grown. Also, employees have become increasingly mobile, often taking data with them when changing jobs.

Seventy percent of CISOs feel their organization will probably face a material cyberattack over the next 12 months, with 31% thinking it is very likely. The CISOs from the U.S., Canada and South Korea are the most concerned about experiencing such an attack.

Percentage of CISOs who feel their organization is at risk of a material cyberattack in the next 12 months. Image: Proofpoint

Artificial intelligence helps CISOs but also cybercriminals

As noted earlier, most CISOs surveyed want to deploy AI-powered technologies to help them protect their organization, even if they’re still at an early stage. Proofpoint wrote, “Even in these early stages, we can already connect the dots between external threats, sensitive content and anomalous behaviors or activity. That’s something that has not been possible at the same speed and scale with human moderation or traditional analysis.”


Yet AI also benefits cybercriminals, making their attacks easier to scale, and techniques that were only deployed by nation-state threat actors or well-funded cybercriminal groups are now available to lower-skilled attackers. More than half of the CISOs (54%) think AI poses some kind of security risk to their organization.

Pressure on cybersecurity budgets

The economy has had an impact on organizations, according to 59% of the surveyed CISOs. Plus, CISOs are pressured to do more or at least the same for less, with security budgets remaining flat at best. Forty-eight percent of the CISOs have been asked to cut staff, delay backfills or reduce spending.

CISOs’ top priority according to their budget is now improving information protection and enabling better business innovation (58%), slightly ahead of improving employee cybersecurity awareness (54%).

Top priorities for organizations’ IT teams over the next two years. Image: Proofpoint

CISOs’ concerns include burnout and insurance

In addition to the budget-related pressure, 66% of CISOs feel expectations on them are unrealistic. This number is continuously increasing (61% for 2023), as they also feel their concerns are unanswered. This all results in low job satisfaction, with 53% of the CISOs experiencing or witnessing burnout in the past year.

Sixty-six percent of CISOs are also concerned with personal, financial and legal liability in their role, fearing a lack of protection in their job. And, 72% of CISOs would not join an organization that would not offer them directors and officers insurance or similar protection in the event of a successful cyberattack.

A bright spot: CISOs’ relationships with board members

Eighty-four percent of CISOs reported they have eye-to-eye contacts with their board members, while only 51% reported such contact in 2022 and 62% in 2023. These contacts have led to a greater understanding from the board members.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.
