Cybersecurity teams around the world were challenged to enhance their security posture overnight.
There’s no question that 2020 was a challenging year. The pandemic placed an enormous strain on the global economy, and cyber criminals took advantage of that and accelerated their nefarious activities. Cybersecurity teams around the world were challenged to shore up their security posture in this new and changing environment.
CIOs and CISOs attempted to pull off a balancing act between supporting remote work and avoiding business interruption, all while keeping their businesses secure. With work becoming increasingly flexible, this challenge now extends into the future.
The recently released 2021 Voice of the CISO report from Proofpoint explores key challenges facing chief information security officers (CISOs) after an unprecedented twelve months. Sixty-six per cent of CISOs worldwide feel their organisation is unprepared to handle a cyberattack and 58 per cent consider human error to be their biggest cyber vulnerability, proving that the work-from-home model necessitated by the pandemic has tested CISOs like never before.
This year’s Voice of the CISO report examines global third-party survey responses from more than 1,400 CISOs at mid to large size organisations across different industries. Throughout the course of Q1 2021, one hundred CISOs were interviewed in each market across 14 countries: Australia, the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Japan, and Singapore.
The survey explores three key areas: the threat risk and types of cyber-attacks CISOs combat daily, the levels of employee and organisational preparedness to face them, and the impact of supporting a hybrid workforce as businesses prepare to re-open their corporate offices. It also covers the challenges CISOs face in their roles, position amongst the C-suite, and business expectations of their teams.
“Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight. This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments,” commented Lucia Milica, global resident CISO at Proofpoint. “With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.”
Proofpoint’s Voice of the CISO 2021 report highlights general global trends as well as regional differences amongst the global CISO community. These include:
- CISOs are on high alert across a range of threats: faced with a relentless attack landscape, 72 per cent of Australian CISOs feel at risk of suffering a material cyberattack in the next 12 months, above the global average of 64 per cent. When asked about the types of attacks Australian CISOs expect to face, DDoS attacks (44 per cent), cyber/physical attacks (41 per cent) and business email compromise (40 per cent) topped the list. Cloud account compromise (O365 or G Suite accounts being compromised, 39 per cent) and insider threats (36 per cent) were next. Despite dominating recent headlines, ransomware came in sixth with 35 per cent and supply chain attacks came in seventh with 32 per cent.
- Organisational cyber preparedness is still a major concern: more than a year into a pandemic that forever changed the threat landscape, 56 per cent of Australian CISOs feel their organisation is unprepared to cope with a targeted cyberattack in 2021. Cyber risk is also on the rise: 50 per cent of CISOs in Australia are more concerned about the repercussions of a cyberattack in 2021 than they were in 2020.
- User awareness doesn’t always lead to behavioral change: while more than half of global survey respondents believe employees understand their role in protecting their organisation from cyber threats, only 41 per cent of Australian CISOs said the same. In addition, 58 per cent of global CISOs still consider human error to be their organisation’s biggest cyber vulnerability, compared to 45 per cent of Australian CISOs. Australian CISOs listed falling victim to phishing emails, mishandling sensitive information, and clicking malicious links or downloading compromised files as the most likely ways employees put their business at risk.
- Long-term hybrid work environments present a new challenge for CISOs: 47 per cent of Australian CISOs agree that remote working has made their organisation more vulnerable to targeted cyberattacks, with 45 per cent revealing they had seen an increase in targeted attacks in the last 12 months.
- High risk, high reward likely to be a common cyber theme over the next two years: 63 per cent of global CISOs and 51 per cent of Australian CISOs believe that cybercrime will become even more profitable for attackers. 60 per cent of global CISOs believe that it will become riskier for cybercriminals compared to 40 per cent of Australian CISOs.
- CISOs will adapt their cybersecurity strategy to stay ahead: Overall, the majority of global CISOs expect their cybersecurity budget to increase by 11 per cent or more over the next two years, and 61 per cent of Australian CISOs believe they will be able to better resist and recover from cyberattacks by 2023. Top priorities across the board for Australian CISOs over the next two years are: consolidating security solutions and controls (46 per cent), enhancing core security controls (38 per cent), supporting remote working (38 per cent), as well as enabling business innovation (37 per cent).
- 2020 elevated the CISO role, as well as the expectations from the business: 44 per cent of Australian CISOs agree that expectations on their function are excessive. The perceived lack of support from the boardroom persists with only 25 per cent of global CISOs strongly agreeing that their board see eye-to-eye with them on issues of cybersecurity. In Australia, this figure was even lower at just 12 per cent of CISOs.