CISOs uphold security defences throughout COVID-19, study finds
Business security continues to be resilient even in the aftermath of COVID-19, according to new research from ClubCISO.
The findings from the eighth annual Information Security Maturity Report reveals the current view of security issues facing businesses across the globe, indicating that years of innovation and hard work from CISOs has upheld security defences throughout COVID-19.
However, new ways of working and a fragmented workforce has created unprecedented pressure on CISOs and their security teams.
This year’s report once again shows stress and understaffed teams remain a key issue for CISOs and their employees, highlighting the need to address the growing skills gap the industry is facing, the researchers state.
Despite this, CISOs and security teams have reported positively on their organisations’ performance over the last year, citing improvements in overall security culture and resilience; 69% say their organisations’ security postures were improved or unchanged by COVID-19.
Furthermore, 88% of CISOs surveyed believe their security capabilities have held up over the last twelve months - a much stronger result than when asked in the early days of the pandemic (77%).
This shows the years of innovation and hard work to ensure rigorous capabilities has paid off for CISOs and their organisations, the researchers state.
COVID-19 has also provided CISOs with the opportunity to further support the need for change within their organisations and reinforce security as a key business function.
In fact, in 2021, 55% of CISOs say their boards take a balanced view, prioritising prevention and response in equal measure when it comes to their defences - a significant jump form 38% in 2020.
In addition to this, 86% of CISOs believe their organisation now views security as being as important as they do; a considerable increase from 65% pre-pandemic.
Even so, CISOs have experienced significant challenges. For one, criminals have exploited the COVID-19 situation over the last twelve months.
Furthermore, remote working and the very nature of a fragmented work force has led to an increase in entry points and vectors of attack that criminals can take advantage of.
The most common vector of attack reported was social engineering, including phishing, voice calls and whaling, (32%), followed by compromised credentials (25%).
ClubCISO chair Stephen Khan says, “This year, our ClubCISO Information Security Maturity Report highlights some significant improvements to global business security functions and improvements to organisations’ security culture.
"Though the pandemic has increased the risk of security breaches, with more sophisticated and numerous attacks taking place, security teams have adapted well and have used the unprecedented situation brought about by the pandemic to highlight the importance of security and increase their organisations’ understanding of it.”
On the role of the CISO in the current landscape and key security trends, Manoj Bhatt, ClubCISO advisory board member and head of cyber security advisory at Telstra Purple says, “Given today’s unrelenting threat landscape, CISOs have arguably the toughest jobs on the organisational chart.
"The CISO must be available to many different departments and remain ahead of the curve in an ever changing threat landscape, across all areas of cyber security. This causes added stress which will filter down to members of the team."
He says, “However, it’s encouraging to see that security is being taken even more seriously than before. Accelerated digital transformation during the pandemic has allowed projects to move at a faster rate, such as security awareness programmes, enabling remote access, and security monitoring.
"Confidence in the ability to meet security objectives has improved against last year too.
"Board members are realising the importance of balancing prevention and response capability, although it remains to be seen whether this has become an enduring sentiment in the boardroom.
"CISOs and board members must now continue to work and maintain those relationships beyond just crises and emergencies.”