CISOs Find Cyber Security Efforts Need More Coordination

A majority of respondents said their Board of Directors had not been briefed on their organization’s cybersecurity strategy in the last 12 months.


Chief information security officers (CISOs) foresee cyber terrorism and cybercrime posing significant risks to their organizations over the next three years, according to a survey of 1,006 cyber security CIOs, CISOs and senior IT leaders, commissioned by Raytheon in partnership with the Ponemon Institute.

A majority of respondents (78 percent) said their Board of Directors had not been briefed on their organization’s cybersecurity strategy in the last 12 months.

In addition, 66 percent of respondents said they believe senior leaders in their organization do not perceive cybersecurity as a strategic priority.

"Our survey showed that CISOs anticipate their top three challenges, each scoring more than 43 percent of respondents, as an inability to hire and retain expert staff, a lack of actionable intelligence, and an inability to minimize employee-driven risk," Michael Daly, chief technology officer of Raytheon’s cyber business, told eWEEK. "Lack of funding and lack of suitable technologies also scored high with more than 33 percent each."

Fewer than half of respondents (47 percent) believe their organizations take appropriate steps to comply with the leading cybersecurity standards, and just one-third of those surveyed believe their organizations are prepared to deal with the cybersecurity risks associated with the Internet of Things (IoT) and the proliferation of IoT devices.

"Internet of Things devices and supporting cloud services will definitely become more important for business in the future, whether the businesses actively pursue the technology or simply watch it happen," Daly said. "The threats result from the lack of hardening of these devices, allowing them to be used by malicious actors as a hiding and operating location."

He noted that IoT devices collect data about the business operations and personnel that a threat actor could use to facilitate other crimes, and he warned that many of these devices are not going to be patched and maintained properly over time, increasing their vulnerability to exploitation.

Fewer than half of all respondents (47 percent) felt their organizations have sufficient resources to meet cybersecurity requirements, while two-thirds of those surveyed indicated their organizations need more knowledgeable and experienced cybersecurity practitioners.

Nearly half (47 percent) of respondents believe zero-day threats will become one of the most prevalent cyber threats, and more than one-third (35 percent) believe attacks on critical infrastructure will become one of the world’s five most prevalent threats.

Senior IT leaders said they see the use of virtual currencies as a low risk to their organizations today but expect it to become a very high risk in the future.

Surveyed CISOs believe that when it comes to cybersecurity, the three most important technologies in the future will involve big data analytics, forensics and next-gen firewalls.

"Big data allow us to see patterns of life and patterns of system behavior. These patterns then permit us to identify outliers - the aberrant behaviors that could be indicators that something or someone is doing something inappropriate," Daly said. "There is also risk in our societal collection of so much data describing our patterns of life. An adversary could use this information against us in a time of conflict to disrupt critical infrastructure, supply chains, and emergency response procedures."