Worse than Ransomware? CISOs Share their Biggest 2018 Concern
Data breaches, cyber attacks, ransomware – these things undoubtedly weigh heavily on the minds of modern day CISOs, but not as heavily as one might think. All three of those perennial hot button issues fell short of the top spot in a recent study by The Ponemon Institute of the biggest concerns security and technology executives have for 2018. Instead, the thing they’re most worried about is already in the house, to borrow a classic horror movie trope.
An overwhelming 70% of CISOs surveyed admitted to being concerned about a lack of competent in-house staffers. Those doubts about the security capabilities of the members of their teams rear their head time and again on this survey. Rounding out the rest of the top five in terms of CISO concerns are:
- Data Breaches (66%)
- Cyber Attacks (59%)
- Inability to Reduce Employee Negligence (54%)
- Ransomware (48%)
Elsewhere in the study, CISOs were asked to predict how their employers’ 2018 would play out. Once again, pessimism regarding staffers reared its head. Nearly two-thirds (65%) said: “A careless employee falls for a phishing scam that results in credential theft.” That answer came up more often than “A significant disruption to business processes caused by malware” (61%) and “significant downtime” caused by cyber attacks (59%).
Business takes a turn for the less secure
Perhaps the most troubling thing in all of this is that security pros seem to feel the business is moving in the wrong direction. Ponemon’s research also found that more than two-thirds (67%) of CISOs believe their organizations are more likely to be victimized by a data breach or cyber attack in 2018 than they were previously.
Among those organizations who feel more likely to be breached, the finger was once again pointed at staffers. Nearly two-thirds (65%) of those surveyed felt their business’ lack of “in-house expertise” is what would come back to bite them in the form of a 2018 data breach. Interestingly enough, further down that same list of potential data breach causes, was an answer that might also shed light on a possible reason for that lack of in-house expertise. Roughly 36% of leaders said their employer isn’t “providing enough training to prevent negligent behavior such as falling for a phishing scam or sharing passwords.”
These findings correlate with Arraya’s own research on the topic. At our Open House last year, we polled IT professionals from across the Mid-Atlantic region about their most painful security challenges. Any guess as to what took the top spot? Once again it was employees. Just under half of our respondents in our poll (46%) said their top challenge was “Protecting my employees from themselves while maintaining productivity and innovation.”
Next Steps: Overcoming security pessimism
It’s easy to come away from Ponemon’s survey – and our own – feeling pessimistic about the state of cyber security today. However, that negativity doesn’t have to be the reality CISOs and their employers contend with this year.
Arraya’s Cyber Security Practice can help position businesses for the cyber security realities of this year and beyond. We can provide training and awareness programs to transform staffers from a security liability into a reliable first line of defense. In addition, through our Managed Services team, we can supplement those staffers with additional hands-on cyber security expertise. Our team can manage and monitor every part of a business environment, alerting organizations to threats, deploying patches, and identifying trouble spots before they can do damage.
To learn more about how Arraya’s Cyber Security team can help your business plan, protect, and prevail against evolving threats, visit: https://www.arrayasolutions.com//contact-us/. We can also be found on social media: LinkedIn, Twitter, or Facebook. Feel free find and follow us on any or all of those sites so you can comment on our blog posts. You’ll also be the first to know about our latest industry insights, exclusive educational opportunities, and more.
