CISOs Should Rethink Security Approach to Thwart Cyber Attacks
There’s no doubt that the remote workplace triggered by the pandemic is a hacker’s paradise. And that’s evident from the flurry of threat incidents we’ve come across in the last one year or so. A new study by VMware, which too concludes that remote workforce is leading to an increase in cyber threats, further emphasizes that in the current scenario, where ‘business anywhere’ is the norm, security leaders need to change their cybersecurity strategies and stay one step ahead of attackers.
Based on an online survey of nearly 3,500 CIOs, CTOs and from across the globe, the report states that cyber criminals seize the opportunity to take advantage of rapidly advancing innovation and employees to launch targeted attacks, and as digital transformation accelerates, security teams face evolving threats. Nearly 80% of the organizations surveyed experienced cyberattacks due to increased telecommuting, highlighting vulnerabilities in traditional security technologies and regimes.
The researchers find a lack of urgency despite a surge in serious violations. Eighty-one percent of respondents have been breached in the last 12 months, and four out of five (82%) are considered serious. However, security experts have underestimated the potential for serious breaches. Only 56% said they were afraid of serious breaches next year, and just over one-third (41%) updated their security policies and approaches to mitigate risk.
The resurgence of ransomware and remote work has created unpredictable attack surfaces. 76% of respondents said the amount of attacks had increased, with the majority saying it was due to employees working from home, and 79% said the attacks were becoming more sophisticated. I am. Cloud-based attacks have been the most frequent type of attack in the past year, but the main sources of breaches were third-party apps (14%) and ransomware (14%).
Cloud-first security strategies are now universal. 98% of respondents already or will use cloud-first security strategies. However, the move to the cloud has expanded the surface of the threat. Nearly two-thirds (61%) agree that security needs to be viewed differently now that the attack surface has expanded. Forty-three percent of respondents say they plan to increase the security of their infrastructure and apps and reduce the number of point solutions.
Applications and workloads are the CISO’s number one concern. Applications and workloads are considered the most vulnerable points in the data journey. 63% of respondents agree that data and apps need to be more visible to prevent attacks. In addition, 60% of respondents say they are increasingly worried about bringing new applications to market as the threat and damage of cyberattacks grows.
Security concerns are hampering the adoption of Artificial intelligence may be the next frontier of business innovation, but more than half (56%) of respondents say security concerns are hampering the adoption of AI and machine learning.
Rick McElroy, VMware’s Chief Cyber Security Strategist, said, “Organizations need endpoint-to-workload protection to protect their data and applications more securely. As attackers become more sophisticated and security threats prevail, defenders need to be able to detect and thwart attacks and implement security stacks built for the cloud-first world.”
In the next one year, the main focus areas for CIO/CISO will be increased visibility of all endpoints and workloads, responding to the resurgence of ransomware, providing security as a decentralized service, and an essential approach to cloud-first security.
