The responsibilities of a Chief Information Security Officer (CISO) are forever growing as the cyberthreat landscape develops. The task of keeping up with these evolving threat vectors is no mean feat, and the pressure is on to achieve top results at speed. Needless to say, a lot can come to weigh on a CISO’s mind.
Organisations are frequently being targeted by cybercriminals and they must be quick out of the gate when an attack occurs. However, Deep Instinct’s SecOps report reveals this is not always the case. On average, the UK response time to a cyber breach is 20.9 hours. That’s more than two working days. Not only will their data be long gone, but adversaries will have plenty of time to infiltrate other areas of the network and increase their take.
The delay seems to be creating a somewhat despondent attitude to security, with 86 per cent of UK organisations stating they don’t think it’s possible to prevent all ransomware and malware attacks. Even though cyber attacks appear to be inevitable, we shouldn’t just roll over and accept this fate. Teams must rise up and fight fire with fire.
The first step is to recognise the challenges that need addressing.
So, what are the main causes of concern?
The daily concerns of a CISO cover extensive areas of a business’s operations. There are countless potential weaknesses in any one system, and it can be a monumental task to secure them all.
One issue that’s causing havoc for CISOs and their teams is the rising volume of security alerts and the high number of false positives they bring. Notifications that alert businesses to potential threats and breaches should be a vital part of a security strategy, but instead, they can present a serious threat. When teams are receiving thousands of alerts each day, the time it takes to investigate every single one undermines the entire purpose. Additional resources are often assigned to resolving these alerts, taking the focus off basic cyber hygiene.
Beyond this, one of the main takeaways from our research is that attackers use an array of tactics to breach networks – and this is one of the biggest concerns for CISOs. Even if a company successfully blocks an attack one day, there’s no guarantee of the same result the next time.
Here are a few more elements of security that remain concerns for CISOs.
Endpoints have always been potential weaknesses in a business network, but the dissolving perimeter and increased hybrid workforces have exacerbated this vulnerability. As endpoints now represent the growing attack surface, 31 per cent of security professionals are committed to installing as many endpoint protection solutions as necessary in order to keep the network secure.
However, there is still concern around balancing security with productivity. If an increase in security measures impacts system performance, then teams may be reluctant to move forwards with it.
The last year flipped security on its head. Permanent offices became a distant memory and homeworking took hold of the modern workforce. Even now, very few teams are committing to returning to offices full time and instead have adopted the hybrid model.
The impact of this major change is clear, as a mere five per cent of security professionals, from both large and small companies, stated they have no security concerns about the hybrid workforce. The two main concerns regarding this future way of working are ensuring employees have secure remote access and preventing the use of unapproved services. The speed at which teams were forced to adapt meant that a huge proportion of visibility was lost, and it’s been a priority to try to claw this back.
At the centre of a CISO’s role is an element in all security strategies that can be the most unpredictable. People.
Human workers hold a vital role in any cybersecurity plan, but they are often targeted by attackers as they are perceived as being the weakest link. Armed with extensive social engineering techniques, criminals are well prepared to take on the defence line of employees, picking out the vulnerable and using them to gain access to the network. And unfortunately, no matter how much training is given to workers, adversaries will always find a way through.
CISO concerns are evident, with only 14 per cent of research respondents confirming complete confidence in their employees’ abilities to identify malware.
What does this mean for CISOs?
The sheer number of daily concerns for CISOs calls for greater control over the security stack. The time pressure of investigating threats and mitigating risks, combined with the ongoing SecOps skills shortage, makes a CISO’s role incredibly challenging.
One thing is certain – traditional security solutions are no longer enough to defend against advanced cyberattacks. CISOs have lost confidence in their abilities and so it’s time for a change. Strategies must move beyond mitigation and reaction and should instead adopt a proactive approach.
Become an opponent, not a victim
Reassessing their security strategies will help businesses level the playing field and improve their chances of thwarting adversary attacks. Having to chase after various alerts without sufficient resources can cause greater challenges for teams, which is why automated processes have become more and more critical.
Machine learning (ML) has been the go-to solution for businesses looking to automate their processes and free up employee resources for more high-value tasks. Unfortunately, cybercriminals have caught on, and have developed ways to manipulate ML for their own uses, leaving organisations with an even wider attack surface.
However, there is an advanced solution that can offer the next level of defence to fight against this new wave of threats. Deep learning (DL) is an advanced subset of ML and essentially replicates the neurological networks of the human brain. This technology works independently from employees and uses raw data to learn how to differentiate malicious code from benign. Unlike ML, it does not use pre-classified data. Over time, the system will learn to recognise incoming known and unknown threats, providing organisations with end-to-end proactive protection. By removing the need for human support, DL allows teams to reallocate resources to the areas of security that most need attention. The system can automatically assess and respond to false positives so that teams are only made aware of those that require further action.
CISOs should feel supported in their role, and they need to feel confident that their employees and the processes in place will provide an effective line of defence for the business. With deep learning, SecOps teams can prioritise high-value tasks knowing that the technology in place is working hard to keep the new business perimeter secure from incoming attacks, which in turn puts the CISO’s mind at rest.