Most organizations suffered a cyberattack in 2020, and many executives have come to believe that suffering multiple attacks a year is inevitable.
This is according to a new report from cybersecurity experts at Proofpoint, which polled 150 Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) on their organizations' cyber-preparedness.
More than half (53 percent) suffered at least one “significant” attack last year, and 14 percent anticipated multiple attacks. A similar pattern is expected this year, as almost two-thirds of the respondents (64 percent) believe their business is at risk. The bigger the company, the more certain its executives are that it will suffer an attack.
Proofpoint says the most worrying part of the report is that more than a quarter (28 percent) don’t consider these threats a cause for concern.
Most CSOs and CISOs agree that the human factor is the weakest link in the cybersecurity chain. According to those surveyed, employees are always most likely to leak data or bring about an infection, irrespective of the security tools in place. And when they do, it’s mostly ransomware.
Having data held hostage is the biggest cybersecurity threat this year, followed by cloud account compromise and phishing.
To tackle the issues, most companies are looking to better educate their employees, but certain roadblocks remain. Boards of directors don't seem to be all that interested in this type of training, so CISOs and CSOs are often left understaffed and underfunded.
“It’s encouraging that the majority of IT leaders are showing awareness of the risks and challenges they face,” said Andrew Rose, Resident CISO (EMEA) at Proofpoint.
“However, it is a little concerning to see that attack vectors such as Business Email Compromise are not as highly prioritized as they could be – given that they are more commonplace than ransomware, and still create massive financial losses. The fact that employee awareness is high on the list of priorities is positive, as regular and comprehensive training is vital to building a security culture, which can protect your firm.”
“A people-centric strategy is a must for organizations, and that starts with identifying the most vulnerable users and ensuring they are equipped with the knowledge and the tools to defend themselves and the business.”