Data/Cyber

Rise of ransomware threats – Verizon

BY Richard Summerfield

The risk posed by ransomware attacks has increased significantly over the last year, according to the 15th annual Verizon 2022 Data Breach Investigations Report.

The report, which aims to increase awareness among organisations of what tactics threat actors are likely to use in data incidents and breaches, analysed 23,986 security incidents from 1 November 2020 to 31 October 2021, and found that ransomware attacks had increased by 13 percent in a single year in 2021, a jump greater than the past five years combined.

According to the report, organised crime continues to be a pervasive force in the world of cyber security, with four out of every five breaches attributed to it over the last 12 months. External actors were approximately four times more likely to cause breaches in an organisation than internal actors, the report notes. Furthermore, the coronavirus (COVID-19) pandemic, as well as ongoing and increasingly fraught geopolitical tensions, have also impacted cyber security, driving increased sophistication, visibility and awareness around nation-state affiliated cyber attacks.

“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time,” said Hans Vestberg, chief executive and chairman of Verizon. “But nowhere is the need to adapt more compelling than in the world of cybersecurity. As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected.”

Verizon also pinpointed the risk faced by supply chains. Supply chain issues have come to dominate the international economic landscape over the past year, and the cyber security space is no different. According to the report, 62 percent of system intrusion incidents came through a supply chain partner of the target organisation.

Twenty-five percent of total breaches were the result of social engineering attacks. The human element accounts for 82 percent of analysed breaches over the past year, including human errors and misuse of privilege. Specifically, human error is responsible for 13 percent of breaches according to the report. ‘Misconfigured cloud storage’ was reported to have been a key driver behind this increase. Stolen credentials and phishing were also dominant among the attacks involving human elements.

“Assess your exposure, mitigate your risk, and take appropriate action,” suggested Dave Hylender, lead author of the report. “As is often the case, getting the basics right is the single most important factor in determining success.”

News: Ransomware threat rises: Verizon 2022 Data Breach Investigations Report

Firms unprepared for cyber attacks, says CISO report

BY Richard Summerfield

Two-thirds of chief information security officers (CISOs) feel their companies are unprepared for a cyber attack, according to a new report from Proofpoint Inc.

The company’s inaugural ‘2021 Voice of the CISO Report’ examines global third-party survey responses from more than 1400 CISOs at mid to large size organisations across different industries. Throughout the course of Q1 2021, 100 CISOs were interviewed in each market across 14 countries: the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan and Singapore.

According to the report, 66 percent of CISOs feel their organisation is unprepared to handle a cyber attack and 58 percent consider human error to be their biggest cyber vulnerability. These responses are particularly noteworthy given the mass migration of employees to remote working over an unprecedented 12 months. Many CISOs have struggled to create a sense of urgency and priority among employees. Security training and awareness remain a challenge. Accordingly, 66 percent of CISOs do not believe their organisations are prepared to cope with an attack.

“Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight,” said Lucia Milică, global resident CISO at Proofpoint. “This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments.”

She continued: “With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.”

However, despite many of the concerns voiced by CISOs regarding preparedness, many CISOs do feel adequately prioritised from a budget standpoint. The majority of global CISOs expect budgets to increase by at least 11 percent in the next two years. Sixty-five percent believe their companies will be better able to resist and recover from cyber attacks by 2022/23.

Report: 2021 Voice of the CISO report

Record year for UK’s cyber security sector

BY Richard Summerfield

2020 was a landmark year for cyber security investment in the UK, according to a new government report from the Department for Digital, Culture, Media and Sport (DCMS).

As the UK workforce became largely remote over the last year due to COVID-19, there were record levels of investment in the cyber security sector. The report notes that more than £800m was invested in the sector in 2020, while the number of active cyber security firms in the UK increased 21 percent with almost 50,000 people now employed in UK cyber security.

The report, which tracked the UK’s cyber security industry across a range of indicators between April 2019 and December 2020, also highlighted a nine percent rise in employment in the industry, with more than 3800 new full-time jobs created, bringing the total number of people working in the sector to 46,683.

“The need for cutting-edge cybersecurity has never been greater and this resilient sector is growing, diversifying and solidifying its status as a jewel in the UK’s tech crown,” said digital minister Matt Warman, speaking at the CyberASAP online event. “With more than 3,800 new jobs created, firms – large and small – are doing vital work keeping people and businesses secure online so we can build back safer from the pandemic. I am committed to supporting the industry to reach new heights, create more jobs and lead new innovations in this field.”

The report also found that the sector’s total annual revenue continued to rise, by 7 percent, reaching £8.9bn within the most recent financial year. The sector also contributed more than £4bn to the economy – up 6 percent in the last year, with mainly mature firms driving growth.

The 2020 edition of the report also suggested that more than half of firms (54 percent) are now based outside of London and the South East, with cyber security clusters prospering across the country in areas such as Scotland, Northern Ireland and North West England.

Given the gravity of the situation over the last 12 months, it is, perhaps, unsurprising that the cyber security sector has seen such considerable growth. Businesses have seen a marked expansion in the number and type of cyber threats they have had to confront. Ransomware attacks against UK organisations surged during 2020, for example, while phishing attacks also exploded in volume as hackers sought to take advantage of more employees working from home.

Report: Cyber Security Sectoral Analysis 2021

The trillion-dollar question

BY Richard Summerfield

Global losses from cyber crime have increased by over 50 percent since 2018 and now total over $1 trillion per year, according to McAfee’s new global report, ‘The Hidden Costs of Cybercrime’.

The report, produced in partnership with the Center for Strategic and International Studies (CSIS), focuses on the significant financial and unseen impacts of cyber crime worldwide. The study is based on data collected by Vanson Bourne, which interviewed a screened, representative sample of 1500 cross-sector IT and line of business decision makers between April and June 2020, alongside CSIS interviews with government officials, open source material, and IMF income data.

According to the report, in 2019, two-thirds of organisations reported some kind of cyber security incident, while the average cost of an incident to an individual company has now topped $500,000.

“The severity and frequency of cyberattacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said Steve Grobman, senior vice president and chief technology officer at McAfee.

“While industry and government are aware of the financial and national security implications of cyberattacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high impact costs. We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents given the hundreds of billions of dollars of global financial impact,” he added.

There are many factors at play in the growing cost of cyber crime for businesses today. While cyber criminals are better, more accurate and more sophisticated, there is also better and more accurate incident reporting done by organisations.

2020 has, of course, presented its own challenges. With the significant increase in remote working brought about by the COVID-19 pandemic, there has also been a commensurate increase in ransomware attacks and phishing-related incidents.

Worryingly, the report noted that 56 percent of the organisations surveyed did not have a plan to both prevent and respond to a cyber security incident. Of those that did, only 32 percent believed it was effective.

Report: The Hidden Costs of Cybercrime

Digitalisation dangers

BY Richard Summerfield

A new report suggests that attacks on smart supply chains, medical equipment and the exploitation of real-time operating systems (RTOS) will be the key issues facing companies this year.

‘Cybersecurity Trends for 2020’, the seventh annual report by testing, inspection and certification services provider TÜV Rheinland, is a collaboration between cyber security experts globally, and examines cyber security challenges companies will face in 2020.

Technological developments and changing consumer trends are changing the paradigm for many companies. For example, as the number of smart devices in private households increases, so too do the opportunities for cyber criminals to attack. And as the report notes: “Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers.”

“From our point of view, it is particularly serious that cybercrime is increasingly affecting our personal security and the stability of society as a whole,” explains Petr Láhner, business executive vice president for the business stream industry service and cyber security at TÜV Rheinland. “One of the reasons for this is that digital systems are finding their way into more and more areas of our daily lives. Digitalisation offers many advantages - but it is important that these systems and thus the people are safe from attacks.”

The report identifies seven top cyber security trends which companies must be aware of in 2020: (i) companies having uncontrolled access to personal data carries the risk of destabilising the digital society; (ii) smart consumer devices are spreading faster than they can be secured; (iii) the trend toward owning a medical device increases the risk of an internet health crisis; (iv) vehicles and transport infrastructure are new targets for cyber attacks; (v) hackers target smart supply chains; (vi) threats to shipping are no longer just a theoretical threat but a reality; and (vii) vulnerabilities in real-time operating systems could herald the end of the patch age.

Report: Cybersecurity Trends for 2020

©2001-2024 Financier Worldwide Ltd. All rights reserved.