CISOs operating blind, with limited visibility and control
An overwhelming percentage (75%) of CISOs consider their organization to be at greater risk of a cybersecurity attack due to the transition to home working, with a third admitting they’ve taken their eye off the ball during these past 12 months losing track of leavers and devices, according to a new survey from BlueFort Security, a provider of cybersecurity solutions.
The study, which surveyed 600 CISOs from a variety of UK organizations, found that the combination of the pandemic, the resulting accelerated shift to digital, and the ongoing skills gap, have created a perfect cybersecurity storm leaving them more vulnerable to attacks than ever before.
A consequence of squeezed budgets and priorities has meant that 30% of CISOs have lost track of movers, joiners and leavers. Moreover, 29% have said they are missing corporate devices. Over a quarter (27%) of CISOs surveyed said gaps in staff cybersecurity awareness and knowledge have emerged, and the same percentage (27%) said the same of concerns regarding supply chain partner cybersecurity.
More than three quarters (77%) of CISOs admitted their business had experienced a cybersecurity incident in the last 12 months. This is despite the fact that almost the same percentage (74%) said their organisation had introduced additional cybersecurity measures due to remote working.
Almost half (47%) said that mitigating cybersecurity threats had been their key priority and 41% prioritized identity and access management over the same period.
What lies ahead
Looking to the future, once COVID restrictions have eased, 38% of CISOs expect their organization to work in a hybrid way (between workplace and home). The direct impact of that is that the majority (85%) of CISOs believe managing cyber risk will become more complicated. For example, nearly half (44%) think their company should introduce a rigorous enforcement of cybersecurity policies and sanctions to encourage tighter cybersecurity practices.
Other reasons given include managing a remote workforce is more difficult (30%); the threat surface is more disparate and diverse due to hybrid or remote working (26%); it will be less clear where the end-points data is (24%); and there are more threats to worry about (20%).
Cybersecurity as a priority
On a positive note, almost 9 in 10 (89%) respondents state that cybersecurity has become more of a priority to their Board in the last 12 months, and CISOs are investing in new technologies to help address these emerging challenges. 35% are looking at automation, 34% at machine learning, and the same percentage (34%) at network detection and response.
32% of CISOs are looking to deploy zero trust architecture and the same percentage (32%) said end-point detection and response. 27% of CISOs said they are looking to deploy AI.
“The fact that CISOs have had a particularly tough time these past 18 months isn’t a surprise. What shocked me was the severity of the impact. It’s a sorry tale of a lack of visibility – of their infrastructure, their devices and their people – which has led to poor intelligence and restricted control. The positive takeaway from this is the recognition that new technology will play a significant role when it comes to redressing the balance,” said Ian Jennings, co-founder of BlueFort Security.