A year from now, Cyber chiefs expect major attacks
- October 9, 2023
- 8:12 am
According to a study conducted on 1,600 chief information security officers, two-thirds (68%) of them predict a material cyberattack to take place against their organization over the next 12 months.
An enterprise security company, Proofpoint, conducted a survey based on its “Voice of the CISO Report,” which revealed an important shift in the mindset of security leaders regarding future attacks on their organizations. The number of CISOs who anticipate a cyberattack was less than half (48%) 12 months ago.
The report noted that this major change in the survey indicates that security professionals believe the attack environment is heating up again, and their concerns are commensurate.
Proofpoint’s Global Resident CISO Lucia Milica Stacy explained that as we emerged from the pandemic, security leaders made a conscious decision to prioritize more long-term controls to protect their workplaces.
“Nevertheless, the intensity of attacks grew, as well as pressures resulting from strategic competition that led to imperial problems,” said Lucia Milica Stacy to TechNewsWorld.
An explanation for pessimism
Several factors may explain CISOs’ concern regarding increased cyberattacks, according to security experts.
According to Tomlinson, a cloud-based developer in Palo Alto, California, the number of new attack methods is on an upward trend, including the compromise of software supply chains, APIs, and SaaS services connected to third parties was the idea of Noname Security’s Chief Information Security Officer, a provider of API security solutions.
“Even with all this, traditional threats, such as ransomware and web application attacks, never disappear,” he told TechNewsWorld. There is sufficient budget and staffing for security to pose a high threat to the organization for most of the year.”
Palo Alto, California’s Noname Security, which provides a cloud-native API security platform located in Palo Alto, California, stated this in an interview with Karl Mattsson, Chief Information Security Officer.
Enhance cloud CX innovation at the right time by accelerating progress
There has also been an increase in the proliferation of end-to-end devices in the business, which has given CISOs additional reason to be concerned.
To achieve holistic visibility, security, compliance, and control across employees, devices, and locations, IT leaders face increasing challenges, according to Keeper, a password management and online storage company based in Chicago. Security’s CEO, Darren Guccione, stated.
“AIT security teams are competing with each other for talent while macroeconomic conditions are tightening budgets, which is of particular concern as cyberattacks are on the rise,” he told TechNewsWorld.
Bold actors are also adopting ‘as a service’ models to increase their opportunity for collection. According to Tel Aviv, Israel-based CISO of SafeBreach, a collection and attack prevention platform, “Phishing-as-a-service and ransomware-as-a-service are key factors in driving the increased number and scale of cyberattacks.”. The company was providing the platform.
“When the number of attacks increases, it becomes a statistical reality,” he explained to TechNewsWorld. “The more attacks conducted, the greater the chances of the attack being successful.”
Data breaches caused by insiders
The report found that CISOs (chief information security officers) believe employee attrition poses a threat to data security. Eight out of ten chief information security officers (82%) said the data loss incident was the reason for employee departures.
“There is a risk of losing sensitive information as a result of employee attrition when resources are lacking, and staff attrition is significant,” Stacey stated.
According to the report, retail (90%) and IT, technology, and telecommunications (88%) were the two sectors that were most affected by turnover.
Security teams face a thorny challenge due to these trends, and the problem continues when people leave. Keeping sensitive information from being stolen is becoming increasingly difficult as they become more and more sophisticated.
There are so many companies that get done in writing by their ex-employees that they will delete all the company data. Others intimidate new hires by threatening to take action if the employee shares any information from their previous employer. Although there may be responsibilities, none of these are adequate to provide a satisfactory resolution.”
Daniel Kennedy, the Research director for information security and networking at 451 Research and an executive at S&P Global Market Intelligence—part of a global market research company, says that the majority of workers and staff take some work along with them when they bid farewell to their organization.
“This could be customer data or contact information for a marketer, while it could be human assets, developed models, or code for other employees,” he explains to TechNewsWorld.
“While I served as the chief information security officer at the time, I made a connection between attacks and employee terminations and our various data loss platforms. I was able to predict when someone would appear to have resigned based on their behavior.
CISOs (cybersecurity officers) are increasingly concerned that insiders contribute to data loss, which is different from what previously was thought.
The NCC indicated that there had been a recent change in thinking from ‘it’s wrong to trust employees’ to ‘we must protect ourselves from all types of threats’, according to Sorya Biswas, the Group’s technical director and head of governance.
Several recent leaks by US defense insiders have assisted in shaping that narrative, according to TechNewsWorld. Indeed, Malikul interiors do not have changed in breadth, but the awareness surrounding them has changed.”
According to Daniel Schwalbe, CISO of DomainTools, an online intelligence company based in Seattle, the level of trust among employees indicates even more about a company’s content culture.
However, it can also be compounded by a feeling of blindness when some CISOs are uncertain as to where their data stored is.” note that telecommuting workers throw pre-pandemic corporate networks off balance.
Demand for Cyber Resilience
Risе Of Rеmotе Work In Thе Mоdеrn Business Landscape:
Thе modеrn businеss landscapе has sееn a significant surgе in rеmotе work duе to technological advancements and thе COVID-19 pandemic. This trend enables employees to work from various locations, offеring flexibility and reducing thе nееd for physical office spaces.
Challеngеs And Vulnеrabilitiеs Associatеd With Rеmotе Work:
Unsecured nеtworks and potеntial data brеachеs.
Use of personal devices for work, raising sеcurity concеrns.
Inadvertent sharing of sensitive information through insecure channels.
Increased risk of insider threats, including disgruntlеd еmployееs.
Possibility of еxtеrnal actors gaining unauthorizеd accеss to remote work environments.
Growing Gig Economy And Its Impact On Insidеr Thrеats:
Thе gig еconomy, characterized by short-term contracts and frееlancе work, has significantly еxpandеd. Organizations increasingly rely on temporary and contingеnt workеrs for specific projects.
Whilе this flеxibility is advantagеous, it introducеs insidеr thrеat risks. Tеmporary workеrs may lack thе samе loyalty as full-timе еmployееs, making thеm potеntial targеts or conduits for malicious insidеrs.
Managing Sеcurity Risks In A Contingеnt Workforcе:
Implеmеnt rigorous onboarding and offboarding procеssеs for tеmporary workеrs.
Rеstrict access to sensitive data to prevent unauthorizеd usе.
Establish monitoring mеchanisms to dеtеct unusual bеhavior or unauthorizеd accеss.
Conduct employee awareness and training programs to clarify data sеcurity rеsponsibilitiеs for tеmporary workеrs.