Security managers receive more board-level support following a cyberattack, but cyber incidents are still occurring for the majority
New research from cybersecurity specialist Trellix has offered an insight into the plight of the CISO (chief information security officer), responsible for dealing with today’s fraught cyber landscape.
In its new research dubbed the “Mind of the CISO: Behind the Breach”, Trellix found that despite 93 percent (95 percent globally) of UK CISOs receiving support after a cyberattack, this largely fails to prevent future incidents, with over half (58 percent) admitting they have experienced multiple “major cybersecurity incidents” in the last five years.
The Trellix study was conducted by Vanson Bourne, and surveyed more than 500 global CISOs from firms with 1,000 or more employees around the world. The firms operated across multiple industries, and every single respondent had experienced at least one cyber incident in the last 5 years.
The central thrust of the research from California-based Trellix is that board-level support remains critical in order for CISOs to be proactive and ensure a robust cyber defence.
But even that support may not be enough to stop the threat, after the UK findings showed the serious business impact of a cyberattack, with 45 percent reporting some form of data loss after a breach.
Other impacts from a cyberattack include reputational damage (37 percent) and business downtime (25 percent).
In the aftermath of a cyber incident, 62 percent of UK CISOs have received what they describe as “a lot more support” from the board. This is welcome news and a positive development when compared to previous findings, which reported that the vast majority (96 percent) of CISOs found it challenging at the time.
“Raising the urgency and cyber literacy of their own board is one of the CISO’s greatest challenges,” noted Bryan Palmer, CEO of Trellix. “The research suggests many boards’ willingness to support cybersecurity only happens after an attack. Clearly, it should be the other way around.”
To demonstrate the reactive stance taken by many boards following a cybersecurity breach, the Trellix research found that, following a cyber incident, nearly half (47 percent) of UK CISOs were granted an increased budget for additional technology and tools.
And 43 percent of respondents reported that XDR (extended detection and response) is increasingly being viewed as an integral tool, with over a third (37 percent) of UK CISOs reporting turning to XDR to upgrade their current security solutions.
“XDR can actually aggregate and correlate data from multiple sources and, therefore, reduce false positives,” a UK CISO told the researchers. “We see less alert fatigue in the security teams, and XDR allows us to be proactive rather than defensive and post facto, another big difference.”
Why are breaches still happening?
The Trellix research also sought to identify the causes behind major cybersecurity incidents.
The research found that over a third of CISOs said that the wrong technology or incorrect configuration contributed to failures in detecting an attack, and therefore lowered the likelihood of preventing a subsequent breach.
Other breach findings included:
- 57 percent found that this was due to technological limitations inhibiting countermeasure execution, and 42 percent found that these limitations actively contributed to failures. Manual processes (50 percent) and disconnected security controls (52 percent) left procedural gaps, stifling an effective response.
- 47 percent of CISOs highlighted the inability to respond quickly enough, with siloed security (38 percent) and poor configurations (45 percent) being the main contributors.
- For organisations not utilising XDR at the time of the incident, 76 percent felt that it could have lessened the impact; almost all (97 percent) felt it could have prevented a breach altogether.
- When considering the role of employees, almost half (47 percent) of UK CISOs cited a gap in knowledge as a core contributor to the breach. Meanwhile, 52 percent noted there were not enough IT skills to deal with the complexity of the incident, with 47 percent identifying a lack of SOC (security operations centre) analysts, threat hunters or incident responders.
“From the malicious use of AI to the surge in nation-state threat activity by 50%, cybercriminals are continuing to sharpen their tools and use a range of techniques to infiltrate businesses,” concluded Fabien Rech, GM and SVP EMEA at Trellix.
“Fortunately, this has only led UK CISOs to become more determined and resilient in their commitment to cybersecurity.”
“However, this motivation and confidence can only go so far,” said Rech. “CISOs need to have support from the board and executives so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.”