In Proofpoint’s 2024 Voice of the CISO report, the cybersecurity firm found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets generally don’t change, and AI will both help and harm CISOs’ efforts.
Regarding the exact threat risks, 41% of the CISOs mostly fear ransomware attacks, followed by malware (38%), email fraud (36%), cloud account compromise (34%), insider threat (30%) and distributed denial of service (30%) attacks.
For this report, the research firm Censuswide surveyed 1,600 CISOs from organizations of 1,000 employees or more across different industries in 16 countries.
CISOs’ main people-centric security concerns
According to the survey, more CISOs than ever believe human error is the biggest vulnerability for their organizations; 74% of the CISOs feel this way, up from 60% in 2023.
In addition, 80% of CISOs see human risk as a key cybersecurity concern over the next two years, up from 63% in 2023. This is where AI comes into play, as 87% of CISOs are looking to deploy AI-powered technologies to fight human vulnerability and block human-centric cyber threats.
Concerning threats also include malicious insiders (36%) and compromised insiders (33%).
Data loss events and threat mitigation
Negligent or careless employees are seen as the biggest cause of data loss events for CISOs (42%) over external attacks (40%). According to the Proofpoint report, 73% of CISOs added their data loss events were caused by employees leaving their organization.
The consequences of these data loss events are mostly financial loss (43%), post-attack recovery costs (41%) and loss of critical data (40%).
To fight the data loss problem, many CISOs educate their employees about computer security best practices (53%), use cloud security solutions (52%), deploy data loss prevention technology (51%), endpoint security (49%), email security (48%) or isolation technology (42%).
This adoption of DLP has surged from 35% to 51% in a year, with the result being 81% of CISOs believing their data is well protected.
An increasing number of cybersecurity threats
Proofpoint stated the attack surface of organizations has never been larger for various reasons, including that hybrid work has become a standard, while reliance on cloud technology has grown. Also, employees have become increasingly mobile, often taking data with them when changing jobs.
Seventy percent of CISOs feel their organization will probably face a material cyberattack over the next 12 months, with 31% thinking it is very likely. The CISOs from the U.S., Canada and South Korea are the most concerned about experiencing such an attack.
Artificial intelligence helps CISOs but also cybercriminals
As noted earlier, most CISOs surveyed are looking to deploy AI-powered technologies to help them protect their organization, even if they are still at an early stage. Proofpoint wrote, “Even in these early phases, we are able to already join the dots between external threats, sensitive content and anomalous behaviors or activity. That’s something that has not been possible at the same speed and scale with human moderation or traditional analysis.”
Yet AI also benefits cybercriminals, making their attacks easier to scale, and techniques that were only deployed by nation-state threat actors or well-funded cybercriminal groups are now available to lower-skilled attackers. More than half of the CISOs (54%) think AI poses some kind of security risk to their organization.
Stress about cybersecurity budgets
The economy has had an impact on organizations, according to 59% of the surveyed CISOs. Plus, CISOs are pressured to do more or at least the same for less, with security budgets remaining flat at best. Forty-eight percent of the CISOs have been asked to cut staff, delay backfills or reduce spending.
CISOs’ top priority according to their budget is now improving information protection and enabling greater business innovation (58%), slightly ahead of improving employee cybersecurity awareness (54%).
CISOs’ concerns include burnout and insurance
In addition to the budget-related stress, 66% of CISOs feel expectations on them are unrealistic. This number is continually rising (61% for 2023), as they also feel their concerns are unanswered. This all results in low job satisfaction, with 53% of the CISOs experiencing or witnessing burnout in the past 12 months.
Sixty-six percent of CISOs are also concerned with personal, financial and legal liability in their role, fearing a lack of protection in their job. And, 72% of CISOs would not join an organization that would not offer them directors and officers insurance or similar protection in the event of a successful cyberattack.
A bright spot: CISOs’ relationships with board members
Eighty-four percent of CISOs reported they have eye-to-eye contact with their board members, while only 51% reported such contact in 2022 and 62% in 2023. These contacts have led to a greater understanding from the board members.
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.