Over 1.000 CISOs from around the world have expressed concern about the security implications of moving to remote work (WFH), according to new research by the cybersecurity company Proofpoint. The survey was conducted in the first quarter of 2021 and includes information from 1.400 CISOs by organizations of 200 or more employees, in different industries in 14 countries.
One hundred CISOs from the USA, Canada, the United Kingdom, France, Germany, Italy, Spain, Sweden, the Netherlands, the UAE, Saudi Arabia, Australia, Japan and Singapore were asked in the context of the research, with many of them pointing out significant problems in the existing cybersecurity landscape.
Lucia Milică, Proofpoint CISO, said CISOs were now facing "fire from all sides" and had been called upon to take a variety of new measures to prepare for the challenges of protecting a hybrid workforce.
In particular, Milică pointed out the following: "The pandemic has put enormous pressure on the global economy and cybercriminals have taken advantage of this upheaval to accelerate their activities. "We are full of cyber-attacks, COVID-19 phishing scams and relentless ransomware attacks."
64% of CISOs surveyed said they felt their body was at risk of being cyber-attacked in the next 12 months, with over 65% of CISOs from the US, France, UAE, Australia, Sweden, Germany and the UK to express this fear. Fear was highest among CISOs in the UK (81%) and Germany (79%).
Furthermore, Fear was higher among CISOs in retail companies and lower among those working in the public sector. Another 66% respondents stated that they do not believe that their business is ready to face the consequences of an attack, in particular CISOs from the Netherlands, Germany and Sweden.
Concerning the the types of cyber attacks that are most worrying CISOs, 34% reported BEC attacks. Others reported DDoS attacks, supply chain attacks, physical attacks, ransomware attacks, and Phishing.
CISOs living in 12 of the 14 countries surveyed said BEC attacks among the top 3 hazards, and specifically in first class in Canada, Sweden, Spain and Japan. Η Cloud account breach was the number one risk in the US, France, Italy and Saudi Arabia.
More than half of CISOs say they are more concerned about the impact of a cyber attack this year than in 2020.
Many CISOs have emphasized that Cyber-attacks have increased alarmingly with pandemics, the shift to telework and the rapid development of remote environments, which made it difficult to protect sensitive information.
Almost 60% respondents stated that they had observed more targeted attacks since remote work began. Almost 70% of CISOs by companies with more than 5.000 employees, stated that they have been targeting the workforce more since remote work began, information technology, technology and telecommunications.
CISOs in UAE and Saudi Arabia note the largest increases in attacks since the beginning of remote work. Over 50% of CISOs stated that remote work adversely affected their ability to maintain secure, sensitive and confidential data.
Majority of CISOs stressed that they had to implement stronger security policies, since the outbreak of the pandemic. In addition, the research notes that human error quickly becomes one by the main attackers exploited by cybercriminals.
Seth Edgar, CISO at Michigan State University, said in a statement that the attackers "used to focus on infrastructure," but now explicitly target people.
In terms of an organization's ability to detect an attack or breach, less than 2/3 of respondents said they were prepared. This small percentage is mainly due to the lack of technical tools and support from superiors.
Looking to the future, 65% of CISOs who were asked stated that believe they will be better prepared to "resist and recover" from cyberattacks by 2022 or 2023, especially in the retail industry.
At the same time, the majority of respondents CISOs said they expect at least 11% increase in cybersecurity budget over the next two yearsWhile 32% said that expects their budget to be significantly reduced in the next two years. Despite budget concerns, more than 60% stated that the total raising public awareness on cybersecurity, will help them do their job.
Another concern expressed by the CISOs, was the profitability of cybercrime, With the 63% of respondents to state that they expect the malicious activity to be even more profitable in the coming years. They also expect sanctions to increase violations or attacks.
The CISOs also stressed that it is being exercised excessive pressure, with 66% of those working in organizations with more than 5.000 employees, "excessive" expectations.
Source of information: zdnet.com