Research from Bluefort Security shows that the majority of CISOs feel their organisation is at greater risk of cyber security attacks because of home working, and it’s only going to get worse
An overwhelming percentage (75%) of CISOs consider their organisation to be at greater risk of a cyber-security attack due to the transition to home working, with a third admitting they’ve taken their eye off the ball during these past 12 months losing track of leavers and devices, according to a new survey from BlueFort Security, a provider of cyber-security solutions.
The study, which surveyed 600 CISOs from a variety of UK organisations, found that the combination of the COVID-19 pandemic, the resulting accelerated shift to digital, and the ongoing skills gap, have created a perfect cyber-security storm leaving them more vulnerable to attacks than ever before.
A consequence of squeezed budgets and priorities has meant that 30% of CISOs have lost track of movers, joiners and leavers. Moreover, 29% have said they are missing corporate devices. Over a quarter (27%) of CISOs surveyed said gaps in staff cyber-security awareness and knowledge have emerged, and the same percentage (27%) said the same of concerns regarding supply chain partner cyber-security.
More than three quarters (77%) of CISOs admitted their business had experienced a cyber-security incident in the last 12 months. This is despite the fact that almost the same percentage (74%) said their organisation had introduced additional cyber-security measures due to remote working. Almost half (47%) said that mitigating cyber-security threats had been their key priority and 41% prioritised identity and access management over the same period.
Looking to the future, once COVID restrictions have eased, 38% of CISOs expect their organisation to work in a hybrid way (between workplace and home). The direct impact of that is that the majority (85%) of CISOs believe managing cyber risk will become more complicated. For example, nearly half (44%) think their company should introduce a rigorous enforcement of cyber-security policies and sanctions to encourage tighter cyber-security practices.
Other reasons given include managing a remote workforce is more difficult (30%); the threat surface is more disparate and diverse due to hybrid or remote working (26%); it will be less clear where the end-points data is (24%); and there are more threats to worry about (20%).
On a positive note, almost 9 in 10 (89%) respondents state that cyber-security has become more of a priority to their Board in the last 12 months, and CISOs are investing in new technologies to help address these emerging challenges. 35% are looking at automation, 34% at machine learning, and the same percentage (34%) at network detection and response. 32% of CISOs are looking to deploy zero trust architecture and the same percentage (32%) said end-point detection and response. 27% of CISOs said they are looking to deploy AI.
Ian Jennings, co-founder of BlueFort Security commented: “The fact that CISOs have had a particularly tough time these past 18 months isn’t a surprise. What shocked me was the severity of the impact. It’s a sorry tale of a lack of visibility – of their infrastructure, their devices and their people – which has led to poor intelligence and restricted control. The positive takeaway from this is the recognition that new technology will play a significant role when it comes to redressing the balance.”