As Chief Information Security Officers (CISO) step up their game in order to fend off increasing volumes of attacks against their organizations, they’re met with mounting “security debt”, new research has said.
A report from cybersecurity experts F-Secure, found that despite facing a “well-organized” criminal industry, CISOs are getting better at repulsing many attacks.
Criminals are usually better-equipped than CISOs, mostly because they share the intelligence amongst themselves, with almost three-quarters of CISOs said criminals were also faster than they were.
- Here’s our list of the best malware removal software right now
- We’ve built a list of the best endpoint protection on the market
- Check out our list of the best firewalls available
Despite high-profile ransomware attacks, criminals are also increasingly interested in service and affiliate models, as they increase their effectiveness. CISOs, on the other hand, understand the motives of various cybercrime groups. Almost all (96%) believe they are driven by financial gain.
Overal, over two-thirds (69%) said that criminals had improved their attacking capabilities in the last 12 - 18 months.
Having the right detection technology
For F-Secure’s security advisor for Managed Detection and Response, Michael Greaves, CISOs are doing well despite “pervasive security debt”, mostly because they made the right investments.
“However, it is the incidents that haven’t been discovered which worry us most,” he says. “Because of the sophisticated nature of some of these attacks, organizations may not have the technology or people to identify they are in the middle of a compromise that, for example, may result in a ransomware deployment months down the road.”
And speaking of sophisticated, hard-to-detect attacks, most CISOs (71%) fear employees are the weakest link in their cybersecurity chain. They worry criminals may use social channels and launch phishing, ransomware, or business email compromise (BEC) attacks.
Further expanding on the idea of a liable workforce, F-Secure’s respondents said it is particularly risky securing the mobile or remote workforce, mostly due to their devices being separated from the traditional controls.
A vast majority of CISOs - 71% - report that their ideas about what constitutes “good security” has evolved recently.
- Here’s our rundown of the best antivirus out there