Cybercriminals are more lethal when they share intelligence
According to new research, as Chief Information Security Officers (CISOs) step up their game to fend off rising volumes of attacks against their organisations, they are faced with mounting “security debt.”
Despite dealing with a “well-organized” criminal industry, CISOs are improving their ability to repel several cyber attacks, according to a study by cybersecurity experts F-Secure.
Cybercriminals are normally better-equipped than CISOs, owing to the fact that they exchange intelligence between themselves; nearly three-quarters of CISOs often believe cybercriminals are quicker than they are.
Despite high-profile ransomware attacks, hackers are becoming more involved in service and affiliate models as their effectiveness increases. CISOs, on the other hand, are familiar with the motivations of various cybercrime organisations. Almost all i.e. 96 percent said that they are motivated by monetary benefit.
About two-thirds i.e. 69 percent of respondents said cybercriminals’ attacking capabilities had strengthened in the last 12 to 18 months.
Having the appropriate detection technologies is crucial
CISOs, according to Michael Greaves, F-Secure’s security advisor for Managed Detection and Response, are doing well amid “pervasive security debt” because they have made the right investments.
Commenting on the cyberattacks, Michael said “However, it is the incidents that haven’t been discovered which worry us most,”
He added “Because of the sophisticated nature of some of these attacks, organizations may not have the technology or people to identify they are in the middle of a compromise that, for example, may result in a ransomware deployment months down the road.”
When it comes to sophisticated, difficult-to-detect threats, the majority of CISOs i.e. 71 percent believe their employees are the weakest link in their cybersecurity chain. Cybercriminals may use social media to initiate phishing, ransomware, or Business Email Compromise (BEC) attacks, they fear.
Further elaborating on the concept of a responsible workforce, F-Secure’s respondents stated that securing the mobile or remote workforce is especially risky, owing to their devices being isolated from conventional controls.
The overwhelming majority of CISOs i.e. 71 percent said that their ideas about what constitutes “good security” have recently changed.