A new Proofpoint survey showing the global recession and return to post-pandemic conditions is presenting a reality test for chief information security officers.
WHY IT IMPORTANT
The new report, CISO Voice 2023, provides global insights into the challenges, priorities and expectations for information security professionals.
CISOs from the healthcare sector and more than a dozen industries across 16 countries participated in the survey released on Tuesday. Based on their responses to questions about their experiences over the past year and their outlook for the years to come, the findings shed light on “how pressured the global recession is. security budgets and how consistent the CISO must be in promoting the C-suite for Lucia Milica Stacy, Proofpoint’s global resident CISO, said in the opening of the report.
However, many CISOs are finding better engagement with councils on cybersecurity challenges and a better relationship with them. The researchers say they are having greater influence and board-level interactions are happening more frequently.
The survey found that leaders gained “a better understanding of the security landscape and understanding of the threat landscape” this year.
For example, “CISO concerns appear to be filtering through the rest of the C-suite; board members agree that email fraud poses the most pressing threat,” the researchers said. said.
Among the biggest security threats that CISO says they’re aware of:
- Business email compromise – 33%
- Insider Threats – 30%
- Cloud account compromise – 29%
- Distributed Denial of Service Attacks –29%
- Supply Chain Attacks – 27%
- Ransomware Attacks – 27%
- Smishing and vishing – 27%
- Malware – 26%
Proofpoint emphasizes that despite the increasing level of boardroom engagement, it is imperative for CISOs to get support from leadership leading to the resources they need to maintain robust cybersecurity programs.” even when dealing with a difficult business environment.”
“Our adversaries don’t stop in recessions,” the researchers said.
While 61% of CISOs surveyed agree that their organization is not ready to deal with a cyberattack, data governance is an area where some might be overconfident.
More than half of those polled – 62% – say they are confident their organization can detect and remove a threat agent using stolen or compromised credentials before any physical damage occurs.
Proofpoint says that belief can be false.
“While most organizations may have the right endpoint detection and response technology in place, such tools will not warn about compromised credentials,” the researchers note.
To combat data loss, 39% of CISOs surveyed said they train employees on data security best practices; 36% have a cloud solution, 36% have isolation technology to eliminate credential entry on web forms, 35% have a data loss prevention agent; 35% have email security technology and 35% have endpoint security.
While better engagement with leadership has helped assist CISOs in meeting their job requirements, respondents said they were struggling with personal liability risks and the pressures of other stakeholders. excessive expectations.
Up from 49% in 2022 and 57% in 2021, nearly two-thirds, or 61% of CISOs surveyed, say they face excessive expectations.
“With the panic over securing home and hybrid settings behind them, many organizations are now tightening their cybersecurity budgets,” the researchers said.
“The change leaves CISOs with the same goals but with fewer resources to achieve them.”
Proofpoint noted that the healthcare sector accounted for 6% of survey respondents, and those CISOs said they felt the least amount of pressure. The report also found that half of healthcare CISOs say cybersecurity expertise is in their boardrooms – more than CISOs from other industries.
Censuswide conducted the 2023 survey from January 30 to February 7, surveying CISOs from organizations with 200 or more employees and with 100 CISOs interviewed in each country including the US , Canada, UK, France, Germany, Italy, Spain, Sweden, Netherlands, United Arab Emirates, Kingdom of Saudi Arabia, Australia, Japan, Singapore, Korea and Brazil.
TREND TO BIGGER
With the threat of ransomware and other challenges, the number of resignations is increasing. The healthcare IT workforce is also reporting high levels of burnout, so concerns about the mental health of the cybersecurity workforce are growing.
Research by Australia-based mental health support organization Cybermindz has found that cyber professionals “live with the notion that a successful attack that could end their careers may be imminent.” go out.”
This strain is not new to the healthcare sector, where lives are at stake every day. Health system CISOs have recommended regular and rigorous training for enterprise-wide incident response to help build ‘memory memory’ and cybersecurity resilience.
“If you solve a problem the first time, you won’t be able to solve it effectively, so it’s really important to practice regularly to be able to respond to incidents. It’s important to be able to face the incident when it actually happens,” says Anahi Santiago, CISO at Delaware-based ChristianaCare. Healthcare IT News in September.
ON PROFILE
“The fact that CISOs are voicing these concerns is a big step in the right direction,” the Proofpoint researchers said in the report. “And with most feeling a better fit with board members, they have a strong foundation to build on and bring about change. The question is, given the shrinking budgets and the situation long-term talent shortage, do CISOs have the resources they need to do so?”
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
