Cybersecurity, CEO Involvement, and Protecting the Edge

70

A couple of cybersecurity reports, released separately by AT&T and Accenture, point to trends in the public sector’s desire to count on the brink – raising security concerns – and the need for CEOs to become more familiar with cybersecurity.

Earlier this year, AT&T released its Cybersecurity Insights report for 2022, and later released a report claiming that the public sector in the United States is ranked as the leading former user in edge computing. AT&T also said it expects to lead this market segment in terms of providing an advantage. The insight report is based on a survey conducted last September on 1,520 security practitioners from the United States, Europe, Central and South America and Asia.

AT&T reports include:

74% of respondents believe that a compromise on the edge is very likely and would have an impact66% expressed concern about attacks on ransomware on the edge66% expressed concern about attacks on user and end devices64% expressed concern about attacks via cloud loads

Meanwhile, a report from Accenture talks about the ways in which CEOs and CFOs view and assess the responsibility of their organizations for cyber security. The report uses data from Accenture’s Cyber ​​Security Resilience Study, which collected data from about 500 respondents.

Some conclusions from the Accenture report:

Only 38% of responsible CEOs and CFOs were convinced that their cybersecurity programs actively protect more than 75% of their organization. Almost all, 91% of CEOs and CFOs stated that IT has the greatest responsibility for cyber security. Roughly half, 47%, of CEOs and CFOs said poor resource allocation prevented them from achieving their organizations’ cybersecurity goals. Another 46% of CEOs and CFOs said the problem was a lack of budget.

Ryan LaSalle, senior executive, Accenture Security, a leader in North America, says he hopes not to see so many CEOs in the study say that responsibility for cybersecurity lies primarily with IT teams and only them. “Still, it takes more work to break down,” he says.

There are some CEOs in charge of cybersecurity, LaSalle says, to improve such things, but such responses are not too widespread. “It is clear that when they do, it is the exception, not the rule.”

The tendency among organizations to simply meet compliance requirements for cyber security can prevent more progressive and proactive approaches, LaSalle says. “It gives you a sense of complacency.” Adherence to compliance rules may be enough to avoid fines, but it can still leave the organization exposed. “In many industries, compliance is a really expensive tape; it’s not a low lane, ”he says.

The unwillingness to openly discuss security incidents has also led to a veil of secrecy that can prevent organizations from learning from each other about such incidents. “The more executives who have gone through this, who share their experiences with other CEOs, the more proactive the network becomes,” says LaSalle.

The nature of cyber threats is in some cases influenced by geopolitical events such as the Russian invasion of Ukraine. As this conflict continues, some bad actors who in the past acted solely for personal gain could use their hacking skills as a form of political support. “We see that cyber criminal groups that were previously motivated only by monetary gain are now geopolitically choosing a side,” says LaSalle. “They see their alliances and loyalty, whether in Ukraine or Russia, now informing them of what they are doing. They attack each other and attack as deputies of the belief systems they are trying to reconcile. ”

This can lead to bad actors using ransomware to politically point out companies they believe are contrary to their country’s interests. “You get a different landscape of threats,” he says. “Businesses must adhere to the motivations of the attackers.” That motivation can affect the tools that hackers put into the game.

Cybersecurity issues may also arise for companies that cease operations in a country or region in conflict, such as an exodus from Russia in response to an invasion. LaSalle says organizations that get out of situations like this need to consider connectivity, access and employees who could be stuck. There may also be increased attention and surveillance from the country they are leaving, as well as retaliation through cyber threats. “You will have to operate in a higher risk position,” he says.

What to read next:

5 questions that every CSO should ask in the middle of the Ukrainian-Russian conflict

Ukrainian crisis, rising threats of cyber attacks Strengthen the case for zero confidence

The Kremlin’s aggression divides digital ecosystems along technological trenches

Comments are closed.