A majority of global chief information security officers (CISOs) surveyed as part of a report released in America last week said they feel their organisations are unprepared to face a cyberattack, despite many believing they will face an attack in the next year.
The report, compiled by America-based cybersecurity group Proofpoint, was based on a survey of 1,400 CISOs in 14 different countries including the United States.
The results highlighted a brutal year for security professionals struggling to cope during the COVID-19 pandemic.
Lucia Milică, the report’s lead author, said:
“Organizational cyber preparedness is still a major concern, and more than a year into this pandemic, it really changed the threat landscape. 66 percent of CISOs feel their organization is unprepared to cope with a targeted cyberattack in 2021.”
Lucia Milică, Proofpoint 2021 Voice of the CISO Report
The findings of the survey revealed that CISOs are overworked and overwhelmed after a year in which the COVID-19 pandemic pushed more daily activities online, giving cyber criminals more targets for attack.
Around 64% of CISOs said they believe they will face some form of cyberattack in the next 12 months.
Many of these concerns were due to increased remote work, with more than half of the CISOs surveyed agreeing with the notion that a hybrid work environment had made their jobs more difficult, and 60% seeing an increase in targeted attacks due to remote work over the past year.
Further, many security leaders perceived a lack of understanding from company leadership, with only 25% reporting that their boards were on the same page with them in terms of cybersecurity threats and resources.
Security leaders cited a broad range of cyberattacks they feared could impact their businesses, but zeroed in particularly on concerns around business email compromise, insider threats within their organisations, supply chain attacks and ransomware.
Hospitals, schools and government organizations have all been targeted by ransomware attacks amid the COVID-19 pandemic, along with critical infrastructure, such as the recent attack that forced the Colonial Pipeline Company to temporarily shut down its operations in America.
The SolarWinds attack, which involved Russian hackers compromising nine federal agencies and 100 private sector groups, was a devastating attack whose impact is still being understood. The Microsoft Exchange Server incident, exploited by both Chinese and Russian hackers, compromised potentially thousands more organizations.
The report goes on to predict that, with the future of work likely to be a more hybrid landscape in the wake of the pandemic, attacks are likely to continue, and calls for more resources and support for overburdened CISOs.
Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint, said in a statement after the report’s release:
“The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cyber security defenses has never been more pressing.”