CISOs face constant dilemmas to avoid drowning in their ‘security debt’

Outgunned security executives navigate complex obstacles to keep rising attacks from turning into more breaches.

Helsinki, Finland – April 15, 2021: CISOs face a rising ‘security debt’ to secure their organizations against an increasing volume of attacks by well-armed criminals. Yet despite going up against a criminal industry that enjoys advantages when it comes to speed and shared weaponry, CISOs and their teams report turning away increasing volume of attacks and preventing more of them from becoming breaches or compromises, according to a new report from cyber security provider F-Secure in conjunction with Omnisperience.

In addition to the lure of successful high-profile ransomware attacks, service and affiliate models are making threat groups more effective. The sharing of tooling and offensive knowledge makes it easier to conduct more attacks against more targets.

An overwhelming percentage of the CISOs - 96% - acknowledge that they face a well-organized criminal industry motivated by financial gain. Furthermore, about seven out of 10 CISOs (72%) say adversaries are moving faster than they are, and a similar number (69%) say their adversaries have improved their attack capabilities in the last 12-18 months.

“Despite pervasive ‘security debt’ and reporting a rising number of cyber attacks, CISOs say that the number of incidents, which includes a breach or unauthorized access to a system, they faced remained pretty much the same,” says F-Secure’s Michael Greaves, security advisor for Managed Detection and Response. “This could be because CISOs have made the right investments. However, it is the incidents that haven’t been discovered which worry us most. Because of the sophisticated nature of some of these attacks, organizations may not have the technology or people to identify they are in the middle of a compromise that, for example, may result in a ransomware deployment months down the road.”

The report covers numerous aspects of the complex dilemmas CISOs face on a daily basis, including:

·       Employees are the primary attack vector, according to 71% of the CISOs interviewed, as attackers take advantage of social channels to launch more sophisticated targeted attacks.

·       The top three threats CISOs and their teams face are phishing, ransomware and business email compromise (BEC).

·       Securing the mobile or remote workforce, which has exploded during the pandemic, presents a number of risks, particularly where employees and devices are separated from traditional controls that could prevent their compromise.

·       A vast majority of CISOs - 71% - report that their ideas about what constitutes “good security” has evolved recently.

“Too often, cyber security is seen as ‘risk mitigation’ instead as a ‘business enabler’ by C-level executives. CISOs are tasked with overcoming that perception and their ‘security debt.’ To do this they must call on every ounce of their abilities, including emotional intelligence, to persuade their peers and deny attackers,” says Royce K. Markose, Chief Information Security Officer at RewardStyle.com.

The report, CISOs’ New Dawn, is based on in-depth interviews with 28 CISOs from the US, UK, and other European countries. Find out more about what the attack landscape looks like according to top corporate cyber security professionals: https://blog.f-secure.com/the-cisos-dilemma/.

Read the full report here: https://www.f-secure.com/en/business/resources/an-effective-security-leader/publication.

About F-Secure

Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859
adam.pilkey@f-secure.com

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.