Forbes insights report shows CISOs believe capabilities of attackers are outpacing ability to defend

Monday, 2 September 2019 00:24 -     - {{hitsCtrl.values.hits}}

 

  • Survey reveals how CISOs are shifting priorities and security strategies to manage increasingly advanced threats with limited resources

 

Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, has announced a new report by Forbes Insights it commissioned titled ‘Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources’. The global survey polled CISOs across various industries about the biggest challenges they’re facing and strategies they’re putting in place to address these obstacles. 

The survey found that 84% of CISOs believe the risks of cyberattacks will increase and almost a quarter believe the capabilities of attackers are outpacing their ability to defend their organisation. This issue is compounded with limited resources, including lack of sufficient budget and skilled professionals as well as a threat attack surface that is quickly expanding and becoming more sophisticated. Because of this, security leaders understand it is critical to have the right strategies in place as they face an arms race between the capabilities of attackers and their own defence postures.  

“The Forbes Insights survey echoes the primary challenges we hear directly from Fortinet customers and prospects. Today’s CISOs are tasked with the challenge of allocating limited funds and resources to the highest-return cybersecurity projects which can range from breach detection to response. These C-level security leaders must maximise security with finite resources, all while balancing strategic leadership responsibilities and tactical issues. Through the Fortinet Security Fabric, Fortinet is providing end-to-end security so that CISOs can navigate a rapidly changing cyber threat landscape day in and day out,” said Fortinet Regional Vice President, India and SAARC Rajesh Maurya. 

Other key takeaways from the Forbes Insights report include:

CISOs are increasingly implementing AI technologies to cybersecurity. 48% of security leaders are focused on seamlessly integrating security into their network operations and 45% are shifting and changing their cybersecurity strategy toward advanced analytics for greater visibility into their environments. AI, like machine learning, and analytics relieves IT teams’ time away from monotonous tasks, so they can focus on business-critical tasks such as identifying anomalous behaviour in their networks and responding to threats quickly.

CISOs would like to allocate more of their budget to detection and response. According to the survey, security leaders are currently allocating an average of 36% of their security budget on response. However, in an ideal world, they would shift their resources from prevention to bolster detection and response. The survey found they’d increase response to be 40% of their budget.  Cybersecurity training and education for employees is key. The Forbes Insights survey found that CISOs believe talent and training constraints have a significant impact on their organisations. As a result, CISOs are paying more attention to educating their own employees on best practices and building cybersecurity awareness in order to prevent and reduce internal threats. 

CISO are constrained by the lack of an adequate budget. While threats are expanding, CISOs find that their resources, including budget, remain limited. A third of CISOs surveyed in the report felt that the lack of an adequate budget is having a significant impact on their cybersecurity program. A top priority for CISOs is safeguarding customer data and intellectual property. More than a third of respondents said protecting their organisation’s brand is top of mind. More than 36% of CISOs selected customer data as the highest priority for protection. A majority of respondents also shared they are focusing on protecting intellectual property as one of the most important assets in their care, which they believe is another core target of most malicious actors.

COMMENTS