DirectDefense Identifies Top Three Challenges for CISOs in Building a Strong Cybersecurity Program in Latest Report
Lack of people, budget and time give CISOs cyber anxiety about the next attack
DENVER – Oct. 29, 2024 – In a new report, DirectDefense, a leading information security services company, identified the three most common challenges that impact CISOs trying to establish a strong and reliable cybersecurity program. The new report “Combat Cyber-Anxiety with More Powerful Security” includes myriad data points supported by personal experience from DirectDefense President & CTO Jim Broome that explain how to overcome those challenges.
Resource constraints
The most common challenge for CISOs is resource constraints: not enough staff, budget or technology to support the security program needed or meet compliance requirements. The World Economic Forum found there’s a global shortage of nearly 4 million professionals in the cybersecurity industry as demand continues to increase – and that shortage is after a 12.6% growth in the cybersecurity workforce between 2022 and 2023. The government and healthcare sectors are among those experiencing the greatest cybersecurity workforce shortages, which presents unique challenges because these industries are so highly regulated.
“This same narrative has been repeating for years; businesses are moving to the cloud and facing tighter compliance regulations – all while budgets remain tight and security threats grow more serious,” said Broome. “It all requires more staff with advanced skill sets and an ability to learn and adapt to constant changes – which can lead to burnout.”
CISOs and other security professionals are ripe for burnout. Surveys show that 99% of CISOs work extra hours every week, and 1 in 5 work an extra 25 hours per week. The demands of the cybersecurity work environment have been found to affect the productivity of 64% of cybersecurity professionals, which can lead to increased breaches. Broome believes that the cybersecurity skills gap is one of the biggest challenges when designing for cyber-resilience.
Security customization
The report also points to the lack of security customization. Different industries face unique cybersecurity challenges and what worries one sector may not even concern another. The combination of specific threat actors, technological infrastructure, types of data, and access methods creates a complex web of security risks.
Broome says, “If you’re unsure what you need to strengthen your security program, asking the question, ‘What’s not working?’ can often get you to an answer faster. Are you concerned about ransomware? Are you having problems with employees getting phished? Use this as your starting point.”
Keeping up with cybercrime growth
Finally, CISOs report an inability to keep up with cybercrime growth. Ransomware, extortion, AI, and deepfakes are becoming more sophisticated. Increasingly, ransomware is being coupled with extortion, and while AI has huge potential for good, it has just as much potential for evil. On one hand, organizations are feeling more confident in adopting generative AI, which will give them an advantage over attackers. Yet it has become harder than ever for organizations to protect against social engineering attacks, because AI-generated phishing scams can be incredibly convincing.
“We all like to think that we are smart enough to spot a scam, but it is clear that scammers, with the help of AI, are putting time, money and effort into making sure you can’t,” said Broome. “Security awareness training, strong authentication and zero trust programs are preventative methods to protect your organization.”
To learn more about how to combat these three issues, download the report here: https://www.directdefense.com/expert-voices/.
Follow DirectDefense
LinkedIn: https://www.linkedin.com/company/directdefense/
Twitter: https://twitter.com/Direct_Defense
Blog: https://www.directdefense.com/resources/blog/
About DirectDefense
DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com.
###