Understanding the trends in cybersecurity

Cyberattacks on businesses are getting more powerful and harder to stop. To understand what this means for companies, we draw on Raytheon's study for some insights.
22 March 2018

Companies have a lot to lose when it comes to cyberattacks, especially because we now live, work, communicate, and transact in a digital world.

Hackers can not only cause massive financial damage to companies but also significantly mar their reputation.

The Equifax hack, for example, has done irreparable damage to the company, causing it to lose the trust of the American public, millions in future earnings, and nearly US$4 billion in the stock market. It also forced its CEO to resign.

Sony, the Hilton Hotels, Tesco, Chipotle, and even Tesla have been hacked, and although the damage hasn’t been as severe as it has been for Equifax, there is no guarantee that the next attack won’t be significantly damaging.

However, companies aren’t just sitting around waiting to be hacked. They’re putting together teams and roping in specialists to help them prepare for the cyberwars, aiming to build a defense system so strong that cybercriminals steer clear of them right from the start.

Recently, Raytheon surveyed 1,100 senior IT practitioners to understand the changes occurring in the cybersecurity ecosystem.

Here are some of the interesting (and somewhat alarming) things that their study revealed:

The Internet of Things is an open door: 82 percent of respondents predict unsecured IoT devices will likely cause a data breach in their organization. 80 percent say such a breach could be catastrophic.

More ransomware on the way: 67 percent believe cyber extortion, such as ransomware, will increase in frequency and payout.

Cyber warfare growing likelier: 60 percent predicted attacks by nation-state actors against government and commercial companies will worsen and could lead to a cyber war. 51 percent of respondents say cyber warfare will be a high risk in the next three years, compared to 22 percent who feel that way today. Similarly, 71 percent say the risk of breaches involving high-value information will be very high, compared to 43 percent who believe that risk is high today.

Confidence is slipping: Fewer than half of IT security practitioners surveyed believe they can protect their organizations from cyber threats. That’s down from 59 percent three years ago.

For execs, cybersecurity is taking a back seat: Only 36 percent of respondents say their senior leadership sees cybersecurity as a strategic priority, meaning less investment in technology and personnel.

Corporate boards aren’t engaged: 68 percent of respondents say their boards of directors are not being briefed on what their organizations are doing to prevent or mitigate the consequences of a cyber attack.

IT professionals are feeling pessimistic about progress: 54 percent believe their organization’s cybersecurity posture will either stay the same or decline. 58 percent believe staffing problems will worsen, and 46 percent predict artificial intelligence will not reduce the need for experts in cybersecurity.

CISOs’ stress levels will rise: When asked to rate their level of stress today and three years from now on a scale from 1 = low stress to 10 = high stress, respondents’ stress rating is expected to rise to a new high of 8.08.

Direct effect on shareholder value: 66 percent believe data breaches or cybersecurity exploits will seriously diminish their organization’s shareholder value.

Now, while all these threats and factors might seem overwhelming, companies need to work together, appoint the right teams, learn from within and outside the industry, and get set to combat them. In fact, here are some of the things that the organizations surveyed are planning on doing:

  1. Expand the CISO’s role and responsibility
  2. Engage in threat intelligence sharing
  3. Require frequent audits and assessments of their security policies and procedures
  4. Hire managed security service providers
  5. Increase investments in big data analytics, artificial intelligence in cyber defense and threat intelligence feeds

And finally, here’s the good news. These are the things that the report found favorable, the trends that Raytheon believes will help improve the state of cybersecurity over the next three years. And while some may be achieved sooner than later, it’s a ray of hope for IT practitioners:

As the threat landscape worsens, organizations will increasingly rely upon the expertise of the CISO: Over the next three years, 72 percent of respondents believe their responsibilities will not be limited to the IT function and will evolve in importance and span of control.

Cybersecurity governance practices are expected to improve: 66 percent of respondents say they expect their senior IT security leaders to require frequent audits and assessments of the effectiveness of their cybersecurity policies and procedures to protect their most sensitive and confidential data assets. 60 percent of respondents say their boards of directors are expected to become more involved in overseeing the IT security function.

Many respondents are optimistic they will be promoted to a better position with greater authority and responsibility: 52 percent of respondents are positive that they will stay in their organization and advance to a position with greater authority and responsibilities, an increase from 45 percent of respondents in the previous study. 36 percent of respondents say they have no plans to change jobs, a slight increase from 34 percent of respondents in 2015.

Companies will invest in enabling security technologies and managed security service providers as part of their cybersecurity strategy: Technologies expected to increase in importance are artificial intelligence, threat intelligence feeds and analytics in cyber defense. It is predicted that more companies will invest in big data analytics, threat intelligence sharing and the engagement of managed service providers.

Companies are expected to improve collaboration and reduce the complexity of business and IT operations: Companies will be more successful in reducing the complexity of their business and IT operations. Organizational barriers such as a lack of cybersecurity leadership and a lack of collaboration among the various functions are expected to improve.