Cyber Expo

C-suite security strategies may be misguided

Written by David Adams
22/02/2018

UK executives of companies affected by security breaches may have the wrong priorities, basing responses to breaches on short-term concerns and taking misguided security investment decisions, according to research by security provider Centrify.

Almost two-thirds (63 per cent) of respondents said they thought the costs of investigation, remediation and legal assistance were the most important consequences of a security breach. Less than half (47 per cent) cited disruption to operations and less than a third (32 per cent) thought possible loss of intellectual property was the most serious negative consequence of such a breach. Only 16 per cent cited loss of customers and only 11 per cent damage to the company’s reputation as their biggest concern.

Although malware was cited by the most respondents as the most dangerous security threat facing their company, more organisations that had suffered an attack said it had been caused by privileged user identity-based deception or by an attacker using a stolen or weak password. Both of these causes were cited by 21 per cent of respondents that had suffered an attack, compared to only 11 per cent of cases where the attack was caused by malware.

Centrify points out that these findings are in accord with those of the Verizon 2017 Data Breach Investigation Report, which suggested that 81 per cent of security breaches were caused at least in part by weak, default or stolen passwords.

Barry Scott, CTO, EMEA, at Centrify suggested that media coverage of major cyber attacks may be the reason why so much focus is placed on the threat posed by malware, “when in fact identity-related attacks – such as stolen or weak passwords and attacks on privileged users … are the primary threat to cybersecurity today.” He urged business leaders to use “a Zero Trust Security approach that verifies every user and every device and provides just enough access and privilege.”

Other suggestions as to where security resources should be directed, alongside confirmation of the expense caused by such attacks, can be seen in more new research findings. Over half of the cyber attacks that hit respondents to the Cisco 2018 Annual Cybersecurity Report resulted in financial damage of more than $500,000, including lost revenue, lost customers and lost business opportunities.

The report, based on interviews with 3,600 CISOs, reveals an increase in complex cyber attacks on organisational supply chains, suggesting organisations should try to encourage more testing of third party providers’ security posture.

It also suggested that attackers are targeting outsourced cloud services. Although cloud infrastructure usually has strong security, Cisco’s research shows that attackers are targeting them anyway, because it is harder for end user organisations’ in-house security teams to extend full use of best practices and more advanced security technologies, such as those based on machine learning, to off-premises cloud environments.