Most CISOs feel unprepared to respond to cyberattacks
The role of the Chief Information Security Officer (CISO)
The role of the CISO (or Chief Cybersecurity Officer) is to ensure that his or her organization is well-protected and can effectively deal with cyberattacks, in order to minimize the risk of hacking.
In SMEs, this role is usually played by the IT Director, whose duties are extended to cybersecurity, which is an additional challenge.
In recent years, the role of CISO as a service has also emerged. In this case, an organization hires an external consultant with the experience of a CISO, to help it implement its cybersecurity strategy. The CISO intervenes on a part-time basis (1 to 3 days per week) to take care of its cybersecurity.
The Chief Cybersecurity Officer is on the front lines and acts as the orchestra conductor of cybersecurity. He or she must deal with daily cyberattacks, guide the evolution of cybersecurity and at the same time act as a strategist and anticipate future attacks. The life of a CISO is therefore full of challenges on a daily basis.
What do CISOs think about their role?
How do CISOs perceive their roles? Do they feel they are in control or not? What are their daily challenges? To get a better idea of how CISOs are perceived, Proofpoint conducted a study called 2021 Voice of the CISO. It involved more than 1,400 CISOs around the world. The survey covered both SMBs and large organizations.
Here are some of the findings of the survey:
- Security incidents are a CISO's nightmare
- 66% of CISOs feel unprepared to deal with a cyberattack
- 53% are more concerned about the impact of an attack in 2021 than in 2020.
- 58% of CISOs see human error as their biggest vulnerability
CISOs definitely fear the occurrence of security incidents and this is understandable. Indeed, in case of an incident, the impacts can be major (financial loss, prolonged shutdown of production lines, theft of sensitive data, negative impact on the image and reputation of the organization in case of media coverage, etc.). The CISO is paid to prevent this type of situation from occurring.
The most disturbing finding in this study is that 66% of CISOs feel unprepared to deal with a cyberattack. In other words:
- CISOs are not sure they can identify if a hacker has entered their network
- CISOs have little knowledge of hackers and their actual level of exposure to cyberattacks
- CISOs don't know which means are most likely to be exploited by hackers to get into their networks
- CISOs lack the preparation to effectively manage a security incident from end-to-end to minimize the impact and get back into production very quickly
And when asked what prevents them from being well prepared, the points below stand out:
- Lack of visibility into network security and inability to anticipate future attacks
- Lack of visibility into telecommuting security
- Lack of visibility into email-related cyber threats
- Difficulty prioritizing actions (too many fires to put out)
- Inability to anticipate the next attack
To help CISOs regain control of their network security, we make the following recommendations:
Lack of visibility on network security and inability to anticipate
You can't protect against what you can't see. Any point in your network where you don't have visibility is a blind spot that can be exploited by hackers to gain entry into your network.
Solution: To effectively manage your network security, you need to have full (360-degree) visibility into your internal, cloud, and email IT environment. To do this, you need to (list not exhaustive):
- Deploy protection technologies that can quickly detect/block cyberattacks that target you. This is the case, for example, with StreamScan's CDS technology.
- Continuously monitor your network security, 24 hours a day, 7 days a week. Most cyberattacks today are launched by bots that scan the Internet 24/7 for targets, and it's important that your network is monitored at all times. Be sure to include your email solution (e.g., O365) in the monitoring scope, as this is one of the most exploited attack vectors today.
- If you don't have the in-house expertise to monitor your network security, StreamScan's Managed Detection and Response (MDR) outsourced monitoring service is for you.
This allows you to be proactive in managing your cybersecurity, to see current attacks coming and to anticipate future attacks. This is how you regain control of your network security.
Lack of visibility on telework
The massive shift to remote working due to COVID-19 has caused IT teams and CISOs to lose control over the security of terminals and computers used to access the network remotely.
Some employees use their own terminals (Bring Your Own Device or BYOD) to access the corporate network. However, the security of these terminals is often not adequate: lack of antivirus, outdated antivirus, outdated operating system, sharing of terminals with other family members, etc.
In addition, unlike working in the office where all employees' Internet browsing is filtered by an Internet browsing filtering technology, when telecommuting, employees access the Internet directly, without filtering. This greatly increases the risk of infection on these terminals.
You need to have full control over the security of the endpoints that access your network when telecommuting. Every poorly secured computer could be exploited to enter your network.
Solution: You need to educate your employees about the security risks of telecommuting. Make sure employees have up-to-date antivirus software on their computers. We strongly recommend that you offer antivirus software (or an EDR) to employees who do not have up-to-date antivirus software, as this minimizes the risk of introducing vulnerabilities into your network.
Lack of visibility into email-related cyber threats
Hackers prefer attacks that require the least amount of effort, while allowing them to do the most damage. To that end, they quickly realized that telecommuting offered a great opportunity, especially since few companies have educated their employees about security risks when moving to mass telecommuting.
Thus, rather than attacking networks head-on, hackers have fallen back on email, which has led to an explosion in phishing cases.
For a CISO, the risk with phishing cases is that the more users are affected, the more the organization will feel that the CISO has completely lost control of network security. If doubts arise about the CISO's ability to secure the network and the users, rash decisions will be made, which will lead to mistakes and further expose the organization.
The CISO must therefore pay very special attention to email security and take the necessary measures to greatly reduce phishing.
Solution: Make your employees aware of the security risks related to email. Also, make sure your email solution is well configured by:
- Enabling real-time detection features
- Blocking malicious files and links
- Using multi-factor authentication (MFA) to access emails
- Enabling anti-spam and anti-phishing features
You should also continuously monitor 24/7 for attacks targeting email. It is one of the most used attack vectors today. This monitoring will allow you to be proactive, regain control of email security, and avoid situations that may give the impression of user security floundering or fumbling.
If you use O365, here are 5 things you can do on Office 365 to protect yourself from hackers.
Difficulty in prioritizing actions (too many fires to put out)
Cyberattacks are exploding and coming from everywhere: email, head-on network attacks, telecommuting, VPN, etc. Add to that the fact that attacks are mainly launched by bots that scan the Internet 24/7 looking for vulnerabilities to exploit. While you sleep, your network is powered up.
CISOs are aware of this and have to balance the day-to-day management of the fires that need to be put out with their desire to apply a clear and consistent long-term strategy. Managing the day-to-day becomes a priority, which prevents CISOs from having a clear view of the future.
This prevents them from properly prioritizing their actions, which can result in priority actions being put off until later. This puts the organization at risk.
Solution: Define a security action plan with clear priorities and keep the focus on that plan. This is your first priority as a CISO. Apply our recommendations above and you will regain control of your network security, which will greatly minimize your daily interventions. From then on, you can focus on your cybersecurity strategy.
Inability to anticipate the next attack
Ransomware? Financial fraud? Data theft? Phishing? CISOs wish they had a crystal ball to identify the next attack that will target their organization.
With the explosion of cyberattacks, CISOs are aware that at some point, their organization will be the target of an attack. The question is, when will it happen? Not being able to anticipate the next attack makes CISOs nervous, and causes additional stress, but when it comes to cybersecurity, staying calm is necessary to make the right decisions.
Solution: Rather than focusing on what the next attack will be, CISOs should focus on proactive management of their cybersecurity, and practice dealing with attack cases. To do this, they need to:
- Define an incident response plan and test it at least once per year
- Deploy intrusion detection/prevention tools (covering internal network, cloud, email, etc.) and implement 24/7 network monitoring
- Have a partnership with a cybersecurity firm that specializes in incident response, such as StreamScan. If needed, this firm will respond quickly to help the organization isolate the incident and handle it effectively for a quick return to production.
How can StreamScan help you?
- We can help you define your incident response plan and test it to confirm that you are prepared for incidents that may target you.
- We act as your incident response firm. When an incident occurs, you can count on us to help you manage it effectively. We have to our credit the management of several dozen cases of ransomware, data exfiltration, fraud, phishing, etc.
- Our 24/7 security monitoring service gives you 360-degree visibility, helps you manage your network security effectively and proactively, and keeps you safe from cyberattacks. We know the most common ways hackers enter networks and their modus operandi. When monitoring your network security, this knowledge is used to quickly isolate problem cases and address them at the source before they become a problem. Talk to one of our experts.