Are CIOs losing the cyber security battle?

Nine out of 10 CIOs in a recent survey believe staying up-to-date with cybersecurity technology is a challenge

Are CIOs losing the cyber security battle? - CIO&Leader

CIOs and security teams spend a good number of their work hours managing security. Yet they are challenged with issues, such as a lack of expertise, budget and up-to-date technology. And as a result of which they are struggling to plug all the security gaps, according to a new report.

In a recent research report by Sophos, titled ‘The Impossible Puzzle of Cybersecurity’, conducted through a survey by Vanson Bourne, researchers polled 3,100 IT managers across 12 countries including India. The respondents, mainly CIO, CISO and security professionals, who worked for organizations between 100 and 5,000 users, reported difficulties in protecting their infrastructures, leading to a large number of successful hacks.

IT low on expertise, budget and technology

As per the survey, globally, two out of three organizations (68%) suffered a cyber attack in 2018 that they were unable to prevent from entering their network. Nine out of 10 (91%) said they were running up-to-date cybersecurity protection at the time.

Coming specifically to Indian businesses, the survey, Indian CIOs and IT managers reported that 32% of their team’s time is spent managing security, on average. Yet, only 8% believe they have strong team in place to detect, investigate and respond to security incidents.

“Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” says Chester Wisniewski, principal research scientist at Sophos.

Regarding budget, eight out of 10 respondents said their organization’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with almost everyone agreeing that staying up-to-date with cybersecurity technology is a challenge for their organization.

This lack of security expertise, budget and up-to-date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and handling what’s coming next.

Lesson for CIOs

Despite taking tangible steps to reduce their cybersecurity risk, a question that comes to mind is, ‘Why are companies still getting hit and more than ever?’ The report clarifies that there are some security holes not being plugged and it is here that CIOs need to pay greater attention.

For example, the report explains, an up-to-date malware signature list won’t stop attackers hijacking your accounts, while rock-solid authentication won’t help if you’re not protecting your computers from ransomware. “Good cybersecurity demands defense in depth and proper risk assessment so that you can protect your weakest spots from attack first,” says the report.

The survey also revealed that companies are facing attacks via multiple channels, including email (33%) and web (30%) among others. Software vulnerabilities and unauthorized USB sticks or other external devices were also common attack vectors. Perhaps even more worrying is that 20% of CIOs didn’t know how their networks were compromised.

With cyber threats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats.

“If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow,” explains Wisniewski.

He believes that having a security ‘system’ in place helps alleviate the security skills gap CIOs are facing. “It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate,” he concludes.

Racing Archives


Add new comment