Security News

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy, CISOs at small and medium-size enterprises were asked to share their cybersecurity challenges and priorities, and their responses were compared the results with those of a similar survey from 2021.

I recently had the opportunity to meet and speak with several luminaries of the global security ecosystem: Roger Hale - Chief Security Officer; BigID, Sounil Yu - CISO and Head of Research at JupiterOne; Debbie Taylor Moore - VP and Senior Partner Global Cybersecurity at IBM Consulting; and Jay Leek, Managing Partner and Co-founder of SYN Ventures. As the aftershocks of 2021 begin to clear, I was interested in getting CISOs' take on ensuing challenges and upcoming hurdles that require the attention of all security and business stakeholders.

While six percent of all professionals claim to be "Highly stressed" due to their work, among CISOs, ITOs, CTOs and global IT strategy directors, the number climbs to 33 percent. 43 percent said the root cause of their stress is the expectation to always be on call, and 40 percent cite both inadequate existing security stack and insufficient SecOps staff.

Why small businesses may want to pursue virtual CISO. While a Chief Information Security Officer can be invaluable to a company with regards to safety and cybersecurity, some smaller enterprises may want to look into a Virtual CISO to assist with cutting down on expenses. A virtual CISO is that of an independent or contracted employee, who fills the role of a CISO but is not employed full time.

Proofpoint released its annual Voice of the CISO report, which explores key challenges facing chief information security officers. While the world's CISOs spent 2021 coming to terms with new ways of working, many now feel much more in control of their environment: 48% feel that their organization is at risk of suffering a material cyber attack in the next 12 months, down from 64% last year.

Our report reveals that 50% of global CISOs still feel their organization is unprepared to handle a cyber attack and 56% consider human error to be their biggest cyber vulnerability, with established work-from-anywhere setups and The Great Resignation presenting new challenges around information protection. CISOs are more confident about their cybersecurity posture: after two years of unprecedented disruption, CISOs now feel more in control of their environment: 48% of CISOs surveyed feel that their organization is at risk of suffering a material cyber attack in the next 12 months, compared with 64% last year.

Half of global CISOs feel their organization is unprepared to deal with cyberattacks. As part of Proofpoint's "2022 Voice of the CISO" report, it was revealed that 50% of 1,400 CISOs surveyed feel their company is unequipped to deal with a cyberattack, and 48% feel that their organization is at risk of suffering a material cyberattack within the next year.

In this article, I'd like to explore some of the threat detection program challenges CISOs are facing and provide some tips on how they can improve their security operations. CISOs ensure the security operations program for threat detection, investigation and response is executing at peak performance.

Failing to adequately screen suppliers' security can lead to data breaches, which can shut down operations, damage customer trust and incur hefty regulatory penalties. An automated security questionnaire platform can vastly accelerate and scale the vendor security evaluation process.

It is vital that every CISO can offer a clear picture of how their security is really holding up against the latest tactics, techniques, and procedures. A red team exercise may not even need to exploit any technology-related vulnerability; rather, testers can rely on social engineering, phishing, or identifying shadow IT as an entry point.