Many CISOs are drowning in ‘security debt’

Sharing intel makes criminals dangerous

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

As Chief Information Security Officers (CISO) step up their game in order to fend off increasing volumes of attacks against their organizations, they’re met with mounting “security debt”, new research has said.

A report from cybersecurity expertsF-Secure, found that despite facing a “well-organized” criminal industry, CISOs are getting better at repulsing many attacks.

Criminals are usually better-equipped than CISOs, mostly because they share the intelligence amongst themselves, with almost three-quarters of CISOs said criminals were also faster than they were.

Despite high-profileransomwareattacks, criminals are also increasingly interested in service and affiliate models, as they increase their effectiveness. CISOs, on the other hand, understand the motives of various cybercrime groups. Almost all (96%) believe they are driven by financial gain.

Overal, over two-thirds (69%) said that criminals had improved their attacking capabilities in the last 12 - 18 months.

Having the right detection technology

For F-Secure’s security advisor for Managed Detection and Response, Michael Greaves, CISOs are doing well despite “pervasive security debt”, mostly because they made the right investments.

“However, it is the incidents that haven’t been discovered which worry us most,” he says. “Because of the sophisticated nature of some of these attacks, organizations may not have the technology or people to identify they are in the middle of a compromise that, for example, may result in a ransomware deployment months down the road.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

And speaking of sophisticated, hard-to-detect attacks, most CISOs (71%) fear employees are the weakest link in their cybersecurity chain. They worry criminals may use social channels and launch phishing, ransomware, or business email compromise (BEC) attacks.

Further expanding on the idea of a liable workforce, F-Secure’s respondents said it is particularly risky securing the mobile orremote workforce, mostly due to their devices being separated from the traditional controls.

A vast majority of CISOs - 71% - report that their ideas about what constitutes “good security” has evolved recently.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time