On Tuesday, Crossword Cybersecurity Plc, a cybersecurity solutions company, released a new report demonstrating that UK companies are increasingly worried about cyber-attacks. In the survey of more than 200 CISOs and senior cybersecurity professionals, 40% of respondents said that their current cybersecurity strategy will likely be outdated in just two years. A further 37% said this would happen in three years.
The ever-increasing number of cyber-attacks coupled with constant tech innovation means companies must continuously update their cybersecurity strategies. More than three-fifths (61.4%) of participants marked themselves as “fairly confident” in their ability to thwart cyber-attacks.
To keep up with the risk of cyber-attacks, companies need to invest more funds into cybersecurity solutions. With this in mind, only 44% of respondents said they had the means necessary to protect their organization against immediate and mid-term risk, alongside tech trends. There is a pressing need for companies to develop cybersecurity strategies to mitigate long-term threats.
“Boards must make sure CISOs have the budget necessary to get short-term issues under control and then begin planning a long-term business-wide strategy. Such a strategy should be supported by a standard operating model with robust processes and policies for the company’s entire supply chain. Every month of delay leaves businesses open to potentially crippling cyber-attacks,” stated Stuart Jubb, Group Managing Director at Crossword Cybersecurity plc, in a press release.
According to Crossword, a more tactical approach is required, accounting for the next five years. Current cybersecurity strategies are too fragile and must be strengthened with comprehensive solutions. In addition, closing the skills gap should be a top priority, which means resources must be allocated to either hire top talent or train existing staff.
“Managing the day to day risks is a tough balancing act, but one that can be achieved if CISOs have the right resources to upskill their teams and tools that leverage AI to bring efficiency and automation to help protect their organization and its supply chain against today’s threats,” argued Jubb.
Currency, the barrier to entry into the cybersecurity industry is too high. Companies should onboard talent from a more diverse pool and hire cognitive psychologists, change managers and business experts alongside other professionals with a stake in the game. Focusing on those with technical skills alone won’t provide a competitive edge.
At present, cybersecurity pros believe companies are predominantly focused on short-term priorities, namely software verification and ransomware attacks. In the next 12 months, three-quarters of respondents stated that software verification would be a crucial focus, while 69% of those surveyed said they would transition to the cloud. Additionally, two-thirds (67%) of participants said they would focus on handling the threat of ransomware attacks.
“Tackling ransomware is a huge area of focus in the world of research, so I’m not surprised this scored highly in the survey,” said Muttukrishnan Rajarajan, professor of security engineering and director, Institute for Cyber Security, City, University of London, in a press release. “We are often commissioned to work on projects that focus just on this – an attack on one SME can cause a complete supply chain to grind to a halt as we saw with vulnerabilities introduced via the Log4J code libraries recently.”
Addressing these immediate threats isn’t enough. To develop a more robust approach to cybersecurity, Crossword suggests drawing on the diverse insights of employees, whether through workshops or brainstorming the entire landscape of risk and respective solutions.