Intelligent CISO Issue 16 - Page 21

cyber trends on high profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicised, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski. “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organisation using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.” Having current technology in place is another problem, with 75% agreeing that staying up to date with cybersecurity technology is a challenge for their organisation. This lack of security expertise, budget and up to date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and handling what’s coming next. Lack of security expertise, budget and up to date technology IT managers should prioritise supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. According to the Sophos survey, IT managers reported that 26% of their team’s time is spent managing security, on average. Yet, 86% agree security expertise could be improved and 80% want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79% saying that recruiting people with the cybersecurity skills they need is challenge. Regarding budget, 66% said their organisation’s cybersecurity budget (including people and technology) is below what it needs to be. “Staying on top of where threats are coming from takes dedicated expertise but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski. “If organisations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow. “Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.” Synchronised security solves the impossible puzzle of cybersecurity With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats. Sophos Synchronised Security, a single integrated system, provides this much needed visibility to threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real-time and automatically respond to incidents. The Impossible Puzzle of Cybersecurity survey was conducted by Vanson Bourne, an independent specialist in market research, in December 2018 and January 2019. This survey interviewed 3,100 IT decision makers in 12 countries and across six continents in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India and South Africa. All respondents were from organisations with between 100 and 5,000 employees. u www.intelligentciso.com | Issue 16 21