Research by the Ponemon Institute focusing on chief information security officers (CISOs) worldwide has found worrying levels of business readiness for cybersecurity threats.
Drawing on insights from 184 global CISOs, the report noted that today’s IT security strategies and tactics are shifting away from a focus on strong perimeters to smart data, networks, devices and applications.
According to 60% of CISOs surveyed, material data breaches and cybersecurity exploits are driving change in organizations’ attitudes to security programs, while another 60% of respondents believe security is considered a business priority.
Yet, while awareness levels are clearly growing, the report’s clear message is that there is plenty of room for improvement.
For instance, 80% of respondents said the internet of things (IoT) will cause “significant” or “some change” to their practices and requirements. However, most companies are not hiring or engaging IoT security experts (41%) or purchasing and deploying new security technologies to deal with potential new risks (32%).
“This new research provides a unique view into how CISOs are operating in today’s challenging environment,” said Mike Convertino, CISO at F5 Networks, which commissioned the report. “It’s clear CISOs are making progress in how they drive the security function and the leadership role they are assuming within companies. Yet in many organizations, IT security is not yet playing the strategic, proactive role necessary to fully protect assets and defend against increasingly sophisticated and frequent attacks.”
Finding the right talent is also a significant hurdle, with 56% struggling to identify and recruit qualified candidates. Almost half of surveyed CISOs branded their staffing as inadequate (42%).
Interestingly, 50% consider computer learning and artificial intelligence important to address staffing shortages. In two years, 70% say these technologies will be important to their IT security functions.
Most CISOs agreed cybersecurity threats are here to stay. Organizations represented in the study experienced an average of two data breaches in the past 24 months. About 83% said the frequency of data breach will increase or stay the same. Another 87% believe the severity of data breach incidents will increase or stay the same.
On average, respondents also experienced three cyber exploits or attacks in the past 24 months. Also, 89% of respondents said cyber exploits will increase or stay the same; while 91% predicted the severity of cyber exploits or attacks would increase or stay the same.
Advanced persistent threats (APTs) were ranked the top threat to the security system followed by DDoS, data exfiltration, insecure apps (including SQL injection), credential takeover, malicious insiders and social engineering.