97% of CIOs Troubled by Cybersecurity Threat
The cybersecurity threat is real. And CIOs are concerned about the possibility of unwanted intrusion happening to them.
Fresh research by Opengear finds that nearly 100% of U.S.-based chief information officers (CIOs) said they are uneasy about cybersecurity threats. It further found that CIOs share various immediate cybersecurity concerns, all accentuated by the firm's research.
According to the report, 42% of CIOs are concerned about malware, while 34% share concerns about spam and phishing. Social engineering came in at 31%, with insider threats following closely behind at 30%. Among the network engineers surveyed, 42% also said that malware has emerged as a "significant cybersecurity threat."
There is a real cause for concern, with the level of attacks on the rise, according to CrowdStrike's 2023 Threat Hunting Report. During the past year, the volume of interactive intrusion activity in industries such as financial services rose by more than 80%.
"North Korean adversaries are the most aggressive state-sponsored adversaries to target the financial sector," the report highlights.
Network Engineers Prepared to Walk Away
A mere 23% of U.S. CIOs said they were troubled by the thought of distributed denial-of-service (DDoS) attacks as a cybersecurity threat, while 38% of network engineers conveyed a "heightened" level of apprehension toward DDoS attacks, "most likely due to their proximity to the network," the report noted.
A lack of investment makes cyberattacks and/or downtime more likely, according to 59% of the U.S. engineers surveyed.
"This suggests that lack of budget spent on software and network upgrades," the report's authors wrote.
This lack of investment in software and network upgrades led 97% of CIOs in the U.S. and 88% of CIOs globally to admit that upgrading said systems is a top priority. All this leads to one sobering determination: Twenty-seven percent of U.S. network engineers said they actively ponder leaving their jobs because of scarce budgets, a contrast to the global average of 21%.
Wait, Don't Click that Email Link
A separate report by Hornetsecurity focuses on the top threats to consider for 2024 and finds that phishing attacks remain the top cybersecurity threat for email, accounting for some 43% of attacks.
Malicious URLs, however, spiked from less than 13% to nearly 31% when compared year-over-year. Overall, malicious email attacks rose by 144% in 2023, compared to 2022.
Phishing attacks are the most common email attack technique. There was an increase of nearly 4% in 2023, growing from approximately 40% to more than 43% of all email attacks.
Cybersecurity Threat: Brand Impersonation On the Rise
It is what it sounds like. Fraudsters impersonate popular brands to get your valuable data. When examining 45 billion emails, Hornetsecurity's report found that nearly 4%, or more than 585 million, were seen as a malicious cybersecurity threat.
"This represents the widespread nature of the risk, with a vast number of emails posing potential threats," the report's authors note, adding, "Threat actors are savvy and adaptable."
In the last year, following Microsoft disabling macros by default in Office, there was a significant decline in the use of DOCX files by 9.5% and XLSX files by 6.7%.
Cyber attackers turned to HTML files at a rate of 37%, PDFs at 23%, and archived files at 21%. The report called HTML file usage a "particularly notable trend," with usage rising by nearly 77% year over year.
Brand impersonation continues to rise, with cybercriminals preying on unsuspecting victims. Typically, they do so by soliciting sensitive information via phishing schemes.
"Shipping and e-commerce emails should be regarded with caution, with DHL accounting for 26.1% of all impersonations, Amazon at 7.7%, and FedEx at 2.3%. All three were in the top 10 most spoofed," the report warns.
LinkedIn and Microsoft were also spoofed, at a rate of 2.4%, while Netflix hit 2.2%.
Which Industries Are Most at Risk?
Hornetsecurity's findings unearth something alarming — no industry is safe from cybersecurity threats. It further notes that if an organization can pay a ransom, it is a likely target for cybercriminals.
"However, some industries are at a slightly increased risk," the company cautions.
Research industries are at high risk because of their intellectual property. And entertainment companies get attacked due to the large sums of money they handle. We saw as much this year with attacks on MGM, which caused them to fork over more than $100 million due to ransomware episodes.
The report also found that the manufacturing sector often gets targeted because of its use of IoT devices that lend easy access to intruders if they are not well secured.
Heed This Sage Advice from Check Point Security
As with most things, cybersecurity can appear daunting, but Pete Nicoletti, global CISO at Check Point Software, says there are some things CIOs can do to combat threats in 2024.
Nicoletti urges updating email protection.
"Ransomware initiated from phishing email remains the No. 1 vector of compromise," Nicoletti told Channel Futures. "The smart CIO will consider upgrading their email protection with the highest efficacy tools."
Next, Nicoletti recommends replacing legacy gateway-based products, which he said "are not keeping pace with the new threats and AI-enhanced API-based tools that are near 99% effective." He also believes that endpoint tools are the next layer of defense, saying that CIOs must consider efficacy first, not price.
"Other large-scale events brought our attention to expediting our zero-trust journey. That journey begins with upgrades to your authentication and multifactor authentication program," he said.
Next, microsegmentation is what Nicoletti called "a critical step" to ensuring a single breach does not spread throughout an entire organization and shut everything down.
Nicoletti noted that the concept of cyber resilience will go mainstream in 2024, saying it will become a board-level discussion in 2024 "with CIOs needing their plans and programs developed and deployed."