Majority of CISOs in the UAE (72%) feel their organisation is unprepared to handle a cyber-attack, according to the 2021 Voice of the CISO report by Proofpoint.
The study also revealed that 70% of those surveyed consider human error to be their biggest cyber vulnerability, proving that the work-from-home model necessitated by the pandemic has tested CISOs like never before.
SEE ALSO: ITP.net Security Week: Navigating the cyber battleground
This year’s Voice of the CISO report examines global third-party survey responses from more than 1,400 CISOs at mid to large sise organisations across different industries. Throughout the course of Q1 2021, one hundred CISOs were interviewed in each market across 14 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan, and Singapore.
The survey explores three key areas: the threat risk and types of cyber-attacks CISOs combat daily, the levels of employee and organisational preparedness to face them, and the impact of supporting a hybrid workforce as businesses prepare to re-open their corporate offices. It also covers the challenges CISOs face in their roles, position amongst the C-suite, and business expectations of their teams.
“Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight. This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments,” said Lucia Milica, global resident CISO at Proofpoint.
“With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond. In addition to securing many more points of attack and educating users on long-term remote and hybrid work, CISOs must instill confidence among customers, internal stakeholders, and the market that such setups are workable indefinitely.”
Proofpoint’s Voice of the CISO 2021 also highlighted that security leaders are on high alert across a range of threats with 68% of surveyed CISOs in the UAE feel at risk of suffering a material cyber-attack in the next 12 months. Among the attacks of threats they expect to face are insider threats (29%), phishing (28%) and Business Email Compromise (25%). Despite dominating recent headlines, supply chain attacks and ransomware were of similar concern with 22%. Cloud Account Compromise (O365 or G suite accounts being compromised) was bottom of the list with 15% – the lowest percentage across all regions.
More than a year on into a pandemic that forever changed the threat landscape, 72% of CISOs in the UAE feel their organisation is unprepared to cope with a targeted cyber-attack in 2021.
The report also found that while 69% of survey respondents believe employees understand their role in protecting their organisation from cyber threats, 70% of CISOs in the UAE still consider human error to be their organisation’s biggest cyber vulnerability. CISOs in the UAE listed using unauthorised devices, tools, and applications as well as falling victim to phishing emails as the most likely ways employees put their business at risk.
Long term hybrid work environments also present a new challenge for CISOs, according to the study as 66% of CISOs in the UAE agree that remote working has made their organisation more vulnerable to targeted cyber-attacks.
Overall, the majority of global CISOs expect their cybersecurity budget to increase by 11% or more over the next two years, and 77% of CISOs in the UAE believe they will be able to better resist and recover from cyber-attacks by 2023.
Top three priorities across the board for UAE CISOs over the next two years are: addressing supplier risk (29%), supporting remote working (28%), as well as enabling business innovation (28%).
“The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cybersecurity defenses has never been more pressing,” said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint.
CHECK IT OUT: ITP.net kicks off Security Week 2021
“CISOs hold a business-critical function, now more than ever. The findings from our report emphasise that CISOs need the tools to mitigate risk and develop a strategy that takes a people-centric approach to cybersecurity protection and emphasises awareness training to address ever-changing conditions, like those experienced by organisations throughout the pandemic.”
