The biggest challenges include human error and risk

In Proofpoint’s Voice of the CISO 2024 report, the cybersecurity company found that CISOs face more human-based threats than ever before. Cybersecurity budgets generally remain static, and AI can both help and hurt the CISO’s job.

In terms of specific threat risks, 41% of CISOs are most concerned about ransomware attacks, followed by malware (38%), email fraud (36%), cloud account compromise (34%), insider threats (30%) and distributed denial of service (30%) attacks.

Infographic: the biggest threat risks CISOs identify over the next 12 months. Image source: Proofpoint

For the report, research firm Censuswide surveyed 1,600 CISOs at organizations with 1,000 or more employees across a variety of industries and 16 countries.

Top people-centric security issues facing CISOs

The survey shows that more CISOs believe human error is their organization’s greatest weakness; 74% of CISOs feel this way, up from 60% in 2023.

Chart: percentage of CISOs in each country who believe human error is their organization’s biggest vulnerability. Image source: Proofpoint

Additionally, 80% of CISOs believe human risk is a major concern for cybersecurity in the next two years, up from 63% in 2023. This is where AI comes into play, as 87% of CISOs are looking to deploy AI technology to combat human weaknesses and thwart human-centric cyber threats.

Threats of concern also include malicious insiders (36%) and compromised insiders (33%).

Data loss incidents and threat mitigation

CISOs rank negligent or careless employees as the biggest cause of data loss incidents (42%), narrowly ahead of external attacks (40%). According to the Proofpoint report, 73% of CISOs said their data loss incidents were caused by employee turnover.

Chart: causes of data loss incidents, as reported by CISOs who have dealt with significant losses of sensitive information in the past 12 months. Image source: Proofpoint

The consequences of these data loss incidents are primarily financial losses (43%), recovery costs after an attack (41%), and loss of critical data (40%).

To address data loss, many CISOs train employees on computer security best practices (53%), use cloud security solutions (52%), or deploy data loss prevention technologies (51%), endpoint security (49%), email security (48%) or isolation technologies (42%).

In one year, DLP adoption rose from 35% to 51%, and 81% of CISOs now believe their data is well protected.

Cybersecurity threats are increasing

Proofpoint said the attack surface for organizations has never been greater for a number of reasons, including the fact that hybrid working has become the norm and reliance on cloud technology has increased. In addition, employees are becoming more mobile, often taking their data with them when they change jobs.

Seventy percent of CISOs believe their organization is likely to experience a major cyberattack in the next 12 months, with 31% considering it highly likely. CISOs in the United States, Canada, and South Korea are the most concerned about such an attack.

Chart: percentage of CISOs who believe their organizations face significant risk of a cyberattack in the next 12 months. Image source: Proofpoint

AI helps both CISOs and cybercriminals

As mentioned earlier, even though it’s still early days, the majority of CISOs surveyed are looking to deploy AI technologies to help them protect their organizations. “Even at this early stage, we can already make the connection between external threats, sensitive content, and anomalous behavior or activity. This is something that manual review or traditional analysis cannot achieve at the same speed and scale,” Proofpoint wrote.

However, AI also gives cybercriminals an advantage, making it easier to scale their attacks, and techniques that were previously available only to nation-state threat actors or well-funded cybercrime groups are now within reach of less skilled attackers. More than half of CISOs (54%) believe that AI poses some form of security risk to their organization.

Cybersecurity budget pressures

Of the CISOs surveyed, 59% said the economic situation has had an impact on their organizations. CISOs are under pressure to do more, or at least the same, work with less money, while security budgets are at best flat; 48% of CISOs have been asked to lay off staff, delay hiring, or cut spending.

Within these budgets, the top priorities for CISOs are now improving information protection and enabling greater business innovation (58%), slightly ahead of increasing employee cybersecurity awareness (54%).

Chart: the top priorities for enterprise IT teams over the next two years. Image source: Proofpoint

CISO concerns include burnout and insurance

In addition to budget-related pressures, 66% of CISOs believe that expectations of them are unrealistic, up from 61% in 2023, partly because they also feel their concerns go unheard. This all leads to low job satisfaction, with 53% of CISOs experiencing or witnessing burnout in the past year.

The same share of CISOs (66%) is also concerned about the personal, financial and legal liabilities that may come with the position, and about the lack of job security. Additionally, 72% of CISOs would not join an organization that does not provide its directors and officers with insurance or similar protection against a successful cyberattack.

Highlight: CISO’s relationship with board members

Today, 84% of CISOs say they have in-person meetings with board members, compared with only 51% in 2022 and 62% in 2023. These meetings have led to a deeper understanding of security among board members.

Disclosure: I work at Trend Micro, but the opinions expressed in this article are my own.
