CISO Prioritization: Allocating Resources and Outsourcing Strategies While Managing Risks
A recent survey by cybersecurity company Nuspire has shed light on the challenges organizations face in managing their cybersecurity needs. The survey, which included responses from 200 CISOs and IT security decision makers, revealed that two-thirds of these professionals believe their organizations remain vulnerable to cyberattacks.
According to the survey, IT, finance, sales, and marketing departments are identified as the most vulnerable in respective organizations. The most worrisome threats, as per the survey, are internal points of weakness. Ransomware on employee-owned devices and phishing attacks targeting employees are the biggest concern.
Cloud applications and infrastructure, end users and endpoints, email, networks, and software were identified as the digital instruments most susceptible to cyberattacks. Interestingly, the services most likely to be outsourced are also the digital components most susceptible to attack.
Outsourcing cybersecurity needs to third-party vendors can help fill some gaps, but it also introduces other challenges, according to Rick Holland, a cybersecurity expert. Losing internal knowledge can be a challenge when outsourcing cybersecurity services, he added.
The survey found that cloud security posture management, cloud access security broker, and endpoint detection and response are all outsourced at a rate of more than 40%, according to the surveyed IT leaders. However, only 4% of respondents said their organization manages all cybersecurity internally.
The surveyed companies that reported outsourcing more than 40% of their cloud security work to third parties were from various industries, but specific company names were not disclosed. The survey did not provide information about the specific industries or regions the organizations represented in the survey are from.
The survey results indicate a significant gap between investments in cybersecurity and the persistent threats in the IT environment. The findings suggest that CISOs are under pressure to prioritize spending effectively to enhance defense and response capabilities.
Many organizations are struggling to defend and address the threat landscape, and this is exacerbated by a lack of resources and skills. Holland emphasized that organizations still own the risk when outsourcing cybersecurity needs.
The survey was released last week by Nuspire. The surveyed IT leaders were from organizations with up to 10,000 employees and annual cybersecurity budgets ranging from $100,000 to over $3 million. Half of the surveyed respondents identified human error and deficient employee training as the primary cause of IT vulnerabilities.
In conclusion, the Nuspire survey highlights the ongoing challenges organizations face in managing cybersecurity threats. The survey results underscore the need for effective prioritization of spending to enhance defense and response capabilities, and the importance of employee training to mitigate human error.
