The position of a Chief Information Security Officer (CISO) is by no means an easy one. The constantly evolving threat landscape, digital transformation, and compliance with the latest regulations and requirements can all pose significant challenges to CISOs.
The Coronavirus pandemic has also heightened Cyber Security concerns and created a whole new set of risks that require decisive action. Threat actors have been quick to capitalise on the Covid-19 outbreak, which has resulted in a massive spike in phishing, ransomware, and cyber attacks.
If Cyber Security wasn’t a priority before the pandemic, it certainly is now as organisations scramble to ensure that the correct processes and countermeasures are in place to defend against attacks. The role of the CISO has never been more important so it comes as no surprise that with this added responsibility comes a few sleepless nights!
There’s no shortage of threats keeping CISOs up at night, but we’ve listed four of the most pressing security concerns.
Top Security Concerns for CISOs
1. Distributed Workforce
As the Covid-19 outbreak spread across the world, millions of employees had to make the rapid transition to working from home. This created a host of new security challenges and exposed many vulnerabilities that cybercriminals were quick to exploit.
Business processes that were designed for the secure confines of the office were now being conducted in unsecured home environments with little or no security controls. Whilst many larger organisations were able to equip employees with company-issued laptops, a large proportion of workers were accessing sensitive company networks on unsecured personal devices.
This provided hackers with lots of opportunities to infiltrate corporate networks and they wasted no time in exploiting the fear and uncertainty surrounding the pandemic. CISOs have had to adapt rapidly to ensure business continuity during this time of crisis.
Policies have been quickly revised to address new risks, and new tools and technologies such as MFA and VPNs have been implemented to secure remote access. Adapting to this ‘new normal’ has by no means been an easy process and with the majority of workforces still working from home, CISOs are under increasing pressure to ensure that organisations are maintaining the strictest security controls.
Since the start of the pandemic, there has been a global surge in ransomware attacks. In the last three months alone, there has been a 50% increase in the number of daily ransomware attacks compared to the first half of the year.
The chaos and disruption caused by the outbreak have created the perfect environment for these types of attacks to flourish. Cybercriminals have been quick to exploit any gaps in security, and Covid-19 themed phishing lures have proved a very successful way to deliver malicious links.
In March this year, Google recorded more than 18 million malware and phishing emails on its service every day. Some of the most effective ransomware lures have included information about vaccines, critical updates, financial assistance during lockdown, and free downloads for video and audio conferencing. These carefully crafted phishing emails have enabled attackers to infiltrate networks, encrypt files, and hold organisations to ransom.
Organisations of all sizes across every sector have been targeted but the three industries that have been hit particularly hard have been professional services, healthcare, and technology.
To protect critical data and systems, CISOs have had to remain vigilant against this type of attack and ensure operating systems and applications are up to date. A greater emphasis has also been placed on security awareness training as organisations recognise the importance of educating employees on evolving threats and improving overall security behaviours.
3. Data Breaches
After months of firefighting, the last thing that any organisation needs now is a data breach. Yet the threat of it happening is very real. Since the start of the year, there have been as many as 726 million cyber attacks, exposing a staggering 16 billion records.
The fall-out from a data breach can have massive consequences for a business including; a drop in share price, loss of customers, financial penalties, and damage to reputation. This may be the death knell for any organisation that has already spent the last nine months battling to remain stable and operational during the crisis.
This concern was reflected in a recent report conducted by Forcepoint. The company surveyed 200 CISOs and CEOs across several industries to find out their Cyber Security priorities and plans for the future. 76% of leaders said they were concerned about their organisation becoming the next headline-grabbing data breach.
To prevent this from happening, CISOs will need to develop a robust and comprehensive security strategy that will protect sensitive data, reduce threats, and ensure the reputation of their organisation remains intact.
4. Supply Chain Attacks
Cybercriminals have shifted their strategies and rather than target a company directly, they will attempt to inflict damage by exploiting vulnerabilities in its supply chain network.
Digital transformation has led to the emergence of new service models and a company’s supply network may be made up of lots of different third parties including; manufacturers, suppliers, handlers, and distributors.
This model has opened up lots of security gaps that are being actively exploited during the pandemic. The layering of old and new technologies, often from a variety of vendors with different degrees of security, has enabled cybercriminals to compromise hundreds of organisations at the same time.
CISOs will need to evaluate the risk that these suppliers pose and ensure that they are complying with the appropriate Cyber Security regulations to reduce any risk to their organisation.