{"id":89056,"date":"2023-04-25T08:00:00","date_gmt":"2023-04-25T08:00:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=89056"},"modified":"2023-04-25T08:00:00","modified_gmt":"2023-04-25T08:00:00","slug":"cisos-under-supported-under-pressure-trellix-finds","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=89056","title":{"rendered":"CISOs under-supported, under pressure, Trellix finds"},"content":{"rendered":"
<\/div>\n

Chief information security officers<\/a> (CISOs) are still failing to get the support they want and need from their boardrooms, with 96% struggling to get leadership to sign-off on resources to appropriately safeguard their organisations, while coming under significant pressure from the exact same people when something goes wrong, according to Trellix\u2019s Mind of the CISO<\/a><\/i> report.<\/p>\n

Trellix reached out to 500 CISOs during the compilation of its study, including 50 in the UK, as well as Australia, France, Germany, India, Saudi Arabia, Singapore, the UAE and the US, and additionally conducted in-depth interviews with 25 of them, five in the UK.<\/p>\n

It found the biggest challenges that CISOs perceive<\/a> are an overload of information sources, a fast-changing regulatory and legal landscape, a widening attack surface thanks to remote work and supply chain issues, a shortage of skilled staff, and a lack of buy-in from other parts of the company.<\/p>\n

Many respondents said that despite the responsibilities they have to juggle, they often felt somewhat invisible to the rest of the organisation. One UK-based interviewee who works in the financial services sector said: \u201cYou are a hero, and held in high esteem, and everything is hunky-dory until it\u2019s not. So when there are no cyber incidents it\u2019s a job that\u2019s well respected. But your head is on the chopping block the moment there\u2019s a problem.\u201d<\/p>\n

Trellix EMEA senior vice-president Fabien Rech said: \u201cFaced with an increasingly complex and ever-evolving threat landscape, CISOs are often under-resourced and stretched too thin. This causes significant stress among 40% of SecOps teams across EMEA, with 43% experiencing major attrition as a result. As an industry, we have seen an observable bleed of talent as cyber security professionals are being asked to do more with less.<\/p>\n

\u201cThese issues are front and centre for CISOs, but surprisingly, the vast majority in EMEA (95%) experience a lack of support at the board level, despite executives recognising the importance of cyber security. While CISOs are responsible for protecting company data \u2013 and by extension, profitability and reputation \u2013 they can\u2019t be expected to do it alone. Executives need to recognise these pain points and invest in the right resources, from hiring talent to integrating new security technology, if they are to support CISOs and their teams.\u201d<\/p>\n

\n

<\/i>Absolute hell<\/h3>\n

Trellix\u2019s researchers found that 85% of respondents had experienced a major cyber security incident once, and 42% more than once, with 80% feeling fully or mostly accountable for the incident.<\/p>\n

\u201cWe carry a lot of risk and potential stress on our shoulders,\u201d another UK-based respondent commented. \u201cIf something does go wrong, a lot of fingers get pointed at our role, even when it\u2019s sometimes not our fault.\u201d<\/p>\n

The top impacts seen in the wake of a large cyber incident included significant stress on the security team, increased insurance premiums, staff attrition from the security team, network downtime, and the loss of customer or employee data.<\/p>\n

Asked about their experience of managing security incidents, one interviewee, working in the US healthcare sector, described it as \u201cabsolute hell, as anybody will tell you\u201d.<\/p>\n

\u201cIt\u2019s the pit in the stomach when you start to hear about it,\u201d they said. \u201cIt\u2019s the whole rollercoaster of \u2018maybe this is nothing\u2019 and then it\u2019s something.\u201d<\/p>\n<\/section>\n

\n

<\/i>Too many cooks<\/h3>\n

In terms of where organisations are directing their security budgets \u2013 which account for about 34% of total IT spend on average \u2013 network detection and response received the most cash, followed by cloud, endpoint security, extended detection and response, and email security. Security operations and analytics were the least spent upon.<\/p>\n

However, the report also highlighted another trend whereby investment in too many tools \u2013 the average organisation reports using 25 individual security services \u2013 causes problems for CISOs, 38% of whom found themselves in a position where they had too many pieces of technology but no single source of truth. The same number said they would appreciate a single integrated enterprise tool to optimise security investments.<\/p>\n

Asked what would be the top qualities in an offering that would improve their overall security posture, 44% of CISOs wanted more visibility into what was going on, 42% to be better able to prioritise alerts that matter, 40% to be able to work better to address multivector attacks, 37% to have more prescriptive and insightful tools, and 37% to have more accurate ones.<\/p>\n

\u201cWe get tool exhaustion at some places where money is just thrown at tools and they\u2019re only using a quarter of it,\u201d said a CISO in the US public sector. \u201cHaving a unified security tool, that\u2019s been built and understood by security people, CISOs, analysts and engineers, and understands their day-to-day work and activities when it comes to certain things, is, I think, something that\u2019s missing.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Chief information security officers (CISOs) are still failing to get the support they want and need from their boardrooms, with 96% struggling to get leadership to sign-off on resources to appropriately safeguard their organisations, while coming under significant pressure from the exact same people when something goes wrong, according to Trellix\u2019s Mind of the CISO […]<\/p>\n","protected":false},"author":1,"featured_media":89057,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-89056","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=89056"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89056\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/89057"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=89056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=89056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=89056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}