Chief Information Security Officers are feeling less confident than ever about cyber-risk and data security this year, a new survey from data and privacy research leader Ponemon Institute shows. As today’s climate of high-profile data breaches continues, 67% of respondents believe their companies are more likely to fall victim to a cyber attack or data breach in 2018. And, 60% are more concerned about a data breach from a third party, such as a partner or vendor.
Surprisingly, the top security threat on CISOs’ minds isn’t technology, hackers or even malware but the human factor, with 70% of CISOs calling “lack of competent in-house staff” their number one concern and 65% stating “inadequate in-house expertise” as the top reason they are likely to have a data breach. Respondents also believe it’s highly likely they’ll experience credential theft due to a careless employee falling for a phishing scam, a 65% chance, even more likely than a malware attack, a data breach or a cyber attack.
Other key factors singled out as likely reasons for data breaches include the inability to protect sensitive and confidential data from unauthorized access (59%); inability to keep up with the sophistication of the attackers (56%); and failure to control third parties’ use of sensitive data (51%.)
Disruptive technologies are also a concern, with IoT devices considered the most challenging to secure (60% of respondents), followed by mobile (54%) and cloud (50%.)
Despite the risks, less than half believe their IT security budgets will go up.
On the positive side, more than a third do see a path to a stronger cybersecurity posture, and half say their Boards are becoming more involved in IT security, providing more internal support. Top areas CISOs identified that could drive improvement included cyber-intelligence, staffing and leadership – underscoring once again the importance of humans to information security – as well as technology improvements.
Ezentria recommends several best practices, including evaluating the security and privacy practices of all vendors and third parties; creating an inventory of all third parties; and improving security posture using ongoing monitoring. It’s critical that companies reduce risk by implementing standard processes, including policy review and documentation, senior leadership and board member oversight, as well as other safeguards to reduce their vulnerability.
Contact Ezentria today for more information and to discuss your organizations readiness.