Developing a plan for remote work security? Here are 6 key considerations

With so many organizations switching to a work-from-home model, many are finding security to be increasingly more difficult to administer and maintain. There is an influx of vulnerable points distributed across more locations than ever before, as remote workers strive to maintain their productivity. The result? Security teams everywhere are being stretched.


The Third Global Threat Report from VMware Carbon Black also found little confidence among respondents that the rollout to remote working had been done securely. The study took a deep dive into the effects COVID-19 had on the security of remote working, with 91% of executives stating that working from home has led to a rise in attacks.

Are you making sure your security professionals are up to the task of remote working while security threats are on the rise?

1. Maintain consistency

One way to help mitigate risk is to have your developers and security professionals train at a consistent level so they are all on the same page. Knowing that there is some sort of security architecture at play in your organization and understanding the logistics of how to stress test aspects of that structure will make it easier to prepare for and block attacks.

2. Don’t overlook the details

Training needs to address all aspects of your structure, specifically: information security, data security, cybersecurity, computer security, physical security, IoT security, cloud security, and individual security. Each area of an architecture needs to be tested and hardened regularly for your organization to truly be shielded from security breaches. Be specific about your program: train your staff on how to defend your information around your HR records (SSNs, PII, etc.) and data that could be exposed (shopping cart, customer card numbers), as well as in cyber defense to provide tools against nefarious actors, breaches and threats.

3. Think about the individual

Staff must be trained to know how to lock down computers, so individual machines and network servers are safe. This training should also encompass how to ensure physical security, to protect your storage or physical assets. This comes into play more as the IoT plays a larger role in connecting our devices and BYOD policies allow for more connections to be made between personal and corporate assets. Individual security: each employee is entitled to be secure in their work for a company, and that includes privacy concerns and compliance issues.

4. Keep your head in the cloud

Today, most companies have some sort of cloud presence, and security professionals will need to be trained to constantly check the interfaces to the cloud and to any hybrid on-prem and off-prem instances you have.

5. Invest in learning

With constantly changing layers of architecture and amplified room for breaches as a result of remote working, it’s hard to imagine how security professionals stay ahead of all the changes. One thing that keeps teams on top of their game is professional online learning.

During the COVID-19 shelter-in-place mandate, leading eLearning companies have witnessed a massive increase in hours of security content consumed. For some, security is one of the fastest-growing topic areas, which suggests that security has become more important this year. This is likely because of the number of workers who have gone remote and the challenges that brings to an organization, particularly in the security department.

6. Consider role-based training

While it’s important to equip teams with skills that apply across functions, there is a case to be made for investing in experts. Cybersecurity is not a field with a single linear path of growth; individuals can take different routes, for example from vulnerability analyst to security architect. By looking at individuals within the organization and seeking ways to upskill them into new roles and responsibilities, you have the unique benefit of being able to help them shape roles that fit the needs of the organization.

It’s not often that a business has a dedicated Remote Team Security Lead, because there was rarely a need for one. Considering the quick transition to remote work and possibility that this is the new normal, organizations can benefit by investing in specific training curated to meet the security needs of remote teams. If this role is cultivated within the organization, there is the added benefit of knowing that the lessons being taught provide direct relevancy to specific needs and increase the attractiveness of investing time and effort into skills training.

Training can be the key to preparing security professionals for the unexpected. But there is no one-size-fits-all lesson that can be delivered or an evergreen degree that can keep up with an industry that changes every day. Training needs to be always on the agenda and it needs to be developed in a way that offers different modalities of learning.

Regardless of how the individual best learns, criterion-based assessments can measure knowledge/skills and act as a guide to true, lasting learning. Developing a culture committed to agility and learning is the key to embracing change.

Cybersecurity after COVID-19: Securing orgs against the new threat landscape

Picture this: An email comes through, offering new COVID-19 workplace safety protocols, and an employee, worn down by the events of the day or feeling anxious about their safety, clicks through. In a matter of seconds, the attacker enters the network. Factor in a sea of newly remote workers and overloaded security teams, and it’s easy to see how COVID-19 has been a boon for cybercriminals.


Cracks in cyber defenses

The global pandemic has exposed new cracks in organizations’ cyber defenses, with a recent Tenable report finding just under half of businesses have experienced at least one “business impacting cyber-attack” related to COVID-19 since April 2020. For the most part, COVID-19 has exacerbated pre-existing cyberthreats, from counter incident response and island hopping to lateral movement and destructive attacks. Making matters worse, today’s security teams are struggling to keep up.

A survey of incident response (IR) professionals found that 53% encountered or observed a surge in cyberattacks exploiting COVID-19, specifically pointing to remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the most daunting endpoint security challenges.

VPNs, which many organizations rely on for protection, have become increasingly vulnerable, and it may be cause for concern that the average update cycle for software patches is weekly, with very few organizations updating daily. While these updates might seem frequent, they might not be enough to protect your information, primarily due to the explosion of both traditional and fileless malware.

As for vulnerabilities, IR professionals point to the use of IoT technologies, personal devices like iPhones and iPads, and web conferencing applications, all of which are becoming increasingly popular with employees working from home. Last holiday season, the number one consumer purchase was smart devices. Now they’re in homes that have become office spaces.

Cybercriminals can use those family environments as a launchpad to compromise organizations. In other words, attackers are still island hopping, but instead of starting from one organization’s network and moving along the supply chain, the attack may now originate in home infrastructures.

Emerging attacks on the horizon

Looking ahead, we’ll continue to see burgeoning geopolitical tensions, particularly as we near the 2020 presidential election. These tensions will lead to a rise in destructive attacks.

Moreover, organizations should prepare for other emerging attack types. For instance, 42% of IR professionals agree that cloud jacking will “very likely” become more common in the next 12 months, while 34% said the same of access mining. Mobile rootkits, virtual home invasions of well-known public figures and Bluetooth Low Energy attacks are among the other attack types to prepare for in the next year.

These new methods, in tandem with a surge in counter IR, destructive attacks, lateral movement and island hopping, make for a perilous threat landscape. But with the right tools, strategies, collaboration and staff, security teams can handle the threat.

Best practices for a better defense of data

As the initial shock of COVID-19 subsides, we should expect organizations to firm up their defenses against new vulnerabilities, whether it’s addressing staff shortages, integrating endpoint technologies, aligning IT and security teams or adapting networks and employees to remote work. The following five steps are critical in order to fight back against the next generation of cyber attacks:

  • Gain better visibility into your system’s endpoints – This is increasingly important in today’s landscape, with more attackers seeking to linger for long periods on a network and more vulnerable endpoints online via remote access.
  • Establish digital distancing practices – People working from home should have two routers, segmenting traffic from work and home devices.
  • Enable real-time updates, policies and configurations across the network – This may include updates to VPNs, audits or fixes to configurations across remote endpoints and other security updates.
  • Remember to communicate – about new risk factors (spear phishing, smart devices, file-sharing applications, etc.), protocols and security resources.
  • Enhance collaboration between IT and security teams – This is especially true under the added stress of the pandemic. Alignment should also help elevate IT personnel to become experts on their own systems.

Hackers continue to exploit vulnerable situations, and the global disruption brought on by COVID-19 is no different. Organizations must now refocus their defenses to better protect against evolving threats as workforces continue to shift to the next “normal” and the threat landscape evolves.

How do I select an endpoint protection solution for my business?

Endpoint protection has evolved to safeguard against complex malware and evolving zero-day threats.

To select an appropriate endpoint protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Theresa Lanowitz, Head of Evangelism, AT&T Cybersecurity

Corporate endpoints represent a top area of security risk for organizations, especially considering the shift to virtual operations brought on by COVID-19. As malicious actors target endpoints with new types of attacks designed to evade traditional endpoint prevention tools, organizations must seek out advanced endpoint detection and response (EDR) solutions.

Traditionally, enterprise EDR solutions carry high cost and complexity, making it difficult for organizations to implement EDR successfully. While many security teams recognize the need for EDR, most do not have the resources to manage a standalone endpoint security solution.

For this reason, when selecting an EDR solution, it’s critical to seek a unified solution for threat detection, incident response and compliance, to be incorporated into an organization’s existing security stack, eliminating any added cost or complexity. Look for endpoint solutions where security teams can deploy a single platform that delivers advanced EDR combined with many other essential security capabilities in a single pane of glass, in an effort to drive efficiency of security and network operations.

Overall, organizations should select an EDR solution that enables security teams to detect and respond to threats faster while eliminating the cost and complexity of maintaining yet another point security solution. This approach can help organizations bolster their cybersecurity and network resiliency, with an eye towards securing the various endpoints used in today’s virtual workforce.

Rick McElroy, Cyber Security Strategist, VMware Carbon Black

With the continuously evolving threat landscape, there are a number of factors to consider during the selection process. Whether a security team is looking to replace antiquated malware prevention or empower a fully-automated security operations process, here are the key considerations:

  • Does the platform have the flexibility for your environment? Not all endpoints are the same, therefore broad coverage of operating systems is a must.
  • Does the vendor support the MITRE ATT&CK Framework for both testing and maturing the product? Organizations need to test security techniques, validate coverage and identify gaps in their environments, and implement mitigation to reduce attack surface.
  • Does it provide deeper visibility into attacks than traditional antivirus? Organizations need deeper context to make a prevention, detection or response decision.
  • Does the platform provide multiple security functions in one lightweight sensor? Compute is expensive, so endpoint security tools should be as non-impactful to the system as possible.
  • Is the platform usable at scale? If your endpoint protection platform isn’t centrally analyzing behaviors across millions of endpoints, it won’t be able to spot minor fluctuations in normal activity to reveal attacks.
  • Does the vendor’s roadmap meet the future needs of the organization? Any tool selected should allow teams the opportunity for growth and ability to use it for multiple years, building automated processes around it.
  • Does the platform have open APIs? Teams want to integrate endpoints with SIEM, SOAR platforms and network security systems.

David Ngo, VP Metallic Products and Engineering, Commvault

With millions working remotely due to COVID-19, laptop endpoints being used by employees while they work from home are particularly vulnerable to data loss.

This has made it more important than ever for businesses to select a strong endpoint protection solution that:

  • Lowers the risk of lost data. The best solutions have automated backups that run multiple times during the day to ensure recent data is protected and security features such as geolocation and remote wipe for lost or stolen laptops. Backup data isolation from source data can also provide an extra layer of protection from ransomware. In addition, anomaly detection capabilities can identify abnormal file access patterns that indicate an attack.
  • Enables rapid recovery. If an endpoint is compromised, the solution should accelerate data recovery by offering metadata search for quick identification of backup data. It’s also important for the solution to provide multiple granular restore options – including point in time, out of place, and cross OS restores – to meet different recovery needs.
  • Limits user and IT staff administration burdens. Endpoint solutions with silent install and backup capabilities require no action from end users and do not impact their productivity. The solution should also allow users and staff to access backup data, anytime, anywhere, from a browser-enabled device, and make it possible for employees to search and restore files themselves.

James Yeager, VP of Public Sector, CrowdStrike

Decision-makers seeking the best endpoint protection (EPP) solution for their business should be warned that legacy security solutions are generally ineffective, leaving organizations highly susceptible to breaches and placing a huge burden on security teams and users.

Legacy tools, engineered by on-premises architectures, are unable to keep up with the capabilities made available in a modern EPP solution, like collecting data in real-time, storing it for long periods and analyzing it in a timely manner. Storing threat telemetry data in the cloud makes it possible to quickly search petabytes of data in an effort to glean historical context for activities running on any managed system.

Beware of retrofitted systems from vendors advertising newer “cloud-enabled” features. Simply put, these “bolt-on” models are unable to match the performance of a cloud-native solution. Buyers run the risk of their security program becoming outdated with tools that cannot scale to meet the growing needs of today’s modern, distributed workforce.

Furthermore, comprehensive visibility into the threat landscape and the overall IT hygiene of your enterprise are foundational for efficient security. Implementing cloud-native endpoint detection and response (EDR) capabilities into your security stack that leverage machine learning will deliver visibility and detection for threat protection across the entire kill chain. Additionally, a “hygiene first” approach will help you identify the most critical risk areas early on in the threat cycle.

Cybercriminals banking on finance: Mitigating escalation

When it comes to cyber attacks, no industry is safe. But according to Boston Consulting Group research, financial service firms experience up to 300 times as many cyber attacks per year compared to companies in other industries. No financial firm is ever safe, especially as cybercriminals become more determined and sophisticated in their attack methods.


The dramatic increase in attacks against the financial industry can be attributed to three factors:

1. The COVID-19 pandemic has forced many employees to work remotely, further increasing the attack surface, making them easier targets
2. Cybercrime syndicates have adopted new attack methodologies, which traditional cybersecurity controls cannot defend against
3. Cybercriminals are, in some cases, being seen as patriots by their respective nations and acting as nefarious “cyber Robin Hoods.”

Cashing in on COVID-19

According to recent data, cyber attacks against the financial sector increased by 238 percent from February to April 2020, amid the COVID-19 surge. Cybercriminals often work to exploit fear and uncertainty during major world events by launching cyber attacks, and the pandemic is no exception. In fact, notable spikes in attacks can also be correlated to key days in the COVID-19 news cycle, such as March 1, 2020, when many states in the U.S. declared COVID-19 a public health emergency. This suggests attackers are being opportunistic, leveraging breaking news to take advantage of vulnerable populations.

These cyber attacks are often performed with social engineering campaigns, leveraging malicious emails that lure victims to install malware which steals financial data and other valuable personal information. Attackers have been using COVID-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, crypto miners, botnets and ransomware.

This can be increasingly damaging as the pandemic has already resulted in many people losing their jobs. It’s clear the attackers are not slowing down amid the pandemic, which means understanding their behaviors has become more important than ever before.

Money is the motive: Understanding attacker tactics

Financial institutions have reported cybercriminals are becoming more sophisticated, leveraging highly targeted social engineering attacks and advanced procedures for hiding malicious activity. The criminals’ goal is to exploit weaknesses in people, processes and technology in order to infiltrate the network and gain the ability to transfer funds and withdraw sensitive data.

For example, the most popular Trojan attack recently has been Kryptik. This malware is believed to be Russian-made and is successful because of its anti-emulation, anti-debugging, and code obfuscation features, which prevent analysis and allow for persistence. And while social engineering is still very prevalent, there has been a shift away from spear phishing toward island-hopping, as attackers try to gain a foothold and then jump to additional targets.

The modern cybercriminal understands that it is more lucrative to island-hop from the bank’s environment in order to attack its customers, which is why there are a variety of island-hopping attacks seen today.

The most common attack seen in the financial sector is reverse business email compromise. These attacks occur when a hacker successfully takes over a victim’s email server and executes fileless malware attacks against members of the organization as well as the board. This has become easier for attackers as more employees are working from home, where their network security can be more easily compromised.

Watering-hole attacks make up one in every five attacks on financial institutions. In this case, hackers target a website frequently visited by partners or customers of the organization they are trying to breach. A majority of financial institutions reported increased attempts of wire fraud transfer since 2019. These attacks are often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly.

Hackers aim to identify websites that a majority of people are looking to gain information from. In this case, many people are looking to financial institutions to help them through trying times, and unfortunately hackers are taking advantage of that.

Bank heist: From heists to hostage situations

Cybercriminals are escalating their attacks as they fight back to maintain persistence. If it can’t be stolen, it will be destroyed – similar to burning a house down versus robbing it. And, increasingly, destructive attacks are being leveraged as counter incident response techniques. Trust and confidence can be undermined as cybercriminals appreciate that it is more valuable to commandeer the digital transformation efforts of the financial institution than to target its customers directly.

In order to fight against these attacks, financial institutions must conduct regular cyber threat hunting exercises to root out any persistent attacker that might already be inside. A shift to an intrinsic security model must occur, one where security is built in and not bolted on to the enterprise. Security teams must integrate security controls, microsegment, employ just-in-time authentication and modernize their endpoint security controls to mitigate the modern bank heist.

As the COVID-19 battle continues, it’s clear attackers will continue to target vulnerable populations and organizations, with an eye on finance. Increased vigilance and visibility into enterprise-wide endpoint activity are more important than ever. Cybersecurity is now a brand protection imperative, and the trust and confidence in the safety and soundness of a financial institution will depend on it.

Know thy enemy: The evolving behaviors of today’s cybercriminals

Organizations in the energy/utilities, government, manufacturing, and healthcare sectors have witnessed an increase in cyberattacks over the past year. In fact, recent research found that nearly 1,000 government agencies and healthcare institutions experienced attacks in 2019. As these industries evolve and become more digitized, attackers have the opportunity to access more data than ever before.


In order to understand cybercriminals’ motives and gameplay, we need to understand their evolving behaviors:

Malware behaviors

A recent example of malware evolution can be seen in software packing and defensive evasion (e.g., hidden window). Software packing is a method of compressing or encrypting a file or program, while defense evasion consists of techniques that attackers use to avoid detection throughout their compromise.

Attackers may implement hidden windows to conceal malicious activity from users’ sight, so as not to alert them to adversary activity on the system. For example, at first glance, defenders may see what initially appears to be ransomware, but upon further inspection they might discover that the decryption component is removed or ineffective, and that destruction is the malware’s ultimate goal.
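The two behaviours just described, packing and hidden-window launches, each leave a measurable trace that a defender can triage against. The following is an added example, not code from the report or from VMware Carbon Black: it scores byte entropy as a packing heuristic (compressed or encrypted payloads approach 8 bits per byte) and matches process command lines for the PowerShell hidden-window switch. The threshold value, the event fields and all samples are assumptions constructed for the example.

```python
"""Defender-side triage heuristics for packed binaries and hidden-window launches.
Added example; all sample data below is constructed and contains no real malware."""
import math
import re
from collections import Counter

# Constructed stand-ins for file contents. The packed-like blob uses every byte
# value equally often, mimicking the near-uniform distribution of compressed or
# encrypted payloads; the plain-text blob is ordinary ASCII.
PLAIN_TEXT_SAMPLE = b"The quick brown fox jumps over the lazy dog. " * 40
PACKED_LIKE_SAMPLE = bytes(range(256)) * 8

# Assumed triage cut-off in bits per byte; tune against your own file population.
PACKED_ENTROPY_THRESHOLD = 7.2

# PowerShell's -WindowStyle Hidden switch and its -w abbreviation.
HIDDEN_WINDOW_PATTERNS = [
    re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.IGNORECASE),
]

# Constructed process-creation events; field names are an assumption.
SAMPLE_EVENTS = [
    {"pid": 1001,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -WindowStyle Hidden -File C:\Users\Public\sync.ps1",
     "image_bytes": PLAIN_TEXT_SAMPLE},
    {"pid": 1002,
     "image": r"C:\Program Files\Git\bin\bash.exe",
     "cmdline": "bash.exe --login -i",
     "image_bytes": PLAIN_TEXT_SAMPLE},
    {"pid": 1003,
     "image": r"C:\Users\Public\svc.exe",
     "cmdline": 'svc.exe -w hidden -nop -c "Get-Date"',
     "image_bytes": PACKED_LIKE_SAMPLE},
    {"pid": 1004,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\build\build.ps1",
     "image_bytes": PLAIN_TEXT_SAMPLE},
]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data: bytes, threshold: float = PACKED_ENTROPY_THRESHOLD) -> bool:
    """Heuristic: entropy at or above the threshold suggests packing or encryption."""
    return shannon_entropy(data) >= threshold


def hidden_window_flags(cmdline: str) -> bool:
    """True when the command line asks for a console with no visible window."""
    return any(p.search(cmdline) for p in HIDDEN_WINDOW_PATTERNS)


def triage_events(events):
    """Return (pid, reasons) for every event that trips at least one heuristic."""
    findings = []
    for ev in events:
        reasons = []
        if hidden_window_flags(ev["cmdline"]):
            reasons.append("hidden-window launch")
        if looks_packed(ev.get("image_bytes", b"")):
            reasons.append("high-entropy image (possibly packed)")
        if reasons:
            findings.append((ev["pid"], reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in triage_events(SAMPLE_EVENTS):
        print(pid, ", ".join(reasons))
```

Neither heuristic is proof of compromise on its own: legitimate installers are often packed and scheduled scripts are sometimes run hidden. Their value is as a cheap first filter that prioritises which process events a human looks at.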

Ransomware behaviors

Ransomware continues to be a dangerous cyber threat and has gotten more pervasive. Defenders have observed an increase in the number of ransomware variants as well as new ransomware behaviors witnessed on a recurring basis. Out of the ransomware samples analyzed in 2019, 95% exhibited defense evasion behaviors. Moving forward, we should expect to see continued use of defense evasion methods, especially from nation-state threat actors engaging in extortion.

Wiper attacks

Wipers continue to trend upward as adversaries begin to realize the utility of purely destructive attacks. Burglaries are escalating into home invasions. Wiper attacks include attacks like data destruction and access mining. Access mining is a tactic where an attacker leverages the footprint and distribution of commodity malware and uses it to mask a hidden agenda of selling system access to targeted machines on the dark web.

Data destruction was the top wiper behavior within the last year, and we’ll continue to see this behavior in 2020 and beyond, as evidenced by the recent tensions in the Middle East region. Many of these groups rely heavily on common tactics like spear phishing, brute force attacks and internet-facing systems with unpatched known vulnerabilities.

Protecting against the evolving enemy

Start by asking yourself whether your teams are appropriately staffed. If the answer is yes, then are your teams working collaboratively? Both security and IT teams often feel that being understaffed can greatly impact their ability to perform and adds to the tension between teams.

Executing a consolidated IT management and security strategy will help break down silos and empower both teams to tackle security as a team sport. This strategy will also help IT and security professionals feel optimistic that shared responsibility will become the norm and, eventually, help them become better aligned across many critical areas of the business.

To tackle modern cybercrime we must modernize how we conduct incident response to prevent an escalation to destructive attacks. Assume that the adversary has multiple means of gaining access into the environment. Shutting off one entry point may not actually remove them from your network. In fact, it will very likely have the opposite effect: it will notify the attacker(s) that you’re onto them.

1. Watch and wait. Do not start blocking malware activity and shutting off access. Do not immediately terminate the connection to the command and control server. To understand all avenues of re-entry you must monitor the situation to fully grasp the scope of the intrusion, to effectively develop a means of removing the adversary from the environment.

2. If you must deploy agents, do so in monitor-only mode. If you began blocking or otherwise impeding the cybercriminals’ activities, they will catch on and change tactics, potentially leaving you blind to their additional means of re-entry.

Attackers will continue to evolve their attack behaviors, and defenders must shift not only their thinking but also their people, processes, and technologies to deal with them. If nothing else, we should use these attacks as a reminder that it’s time security becomes intrinsic to how we build, deploy and maintain technology.

Delta Risk partners with VMware Carbon Black to improve endpoint protection

Delta Risk, a leading provider of SOC-as-a-Service and security services, announced that it has expanded its partnership with VMware Carbon Black, a leader in cloud-delivered, next-generation endpoint security.

The partnership includes fully integrated managed detection, response, threat hunting, and monitoring capabilities via Delta Risk’s ActiveEye security platform for customers using VMware Carbon Black solutions, providing improved endpoint visibility for organizations of all sizes.

“Delta Risk has made significant enhancements this year leveraging VMware Carbon Black Cloud Solutions, including Endpoint Standard and Enterprise EDR, to keep clients safe from cyber threats,” said Victor Baez, Senior Director of WW Channel for VMware Carbon Black.

“They’ve enabled many of our incident response (IR) partners and managed service providers (MSPs) to provide 24×7 post-breach monitoring in conjunction with dozens of IR monitoring engagements in the last 90 days alone, all of which are now being managed and monitored continuously through ActiveEye.”

Delta Risk’s ActiveEye integration with VMware Carbon Black includes:

  • Detection and Response functionality that uses analytics, orchestration, and automation to prioritize threats
  • Key Performance Indicators (KPIs) to report back to the executive team and board of directors on security program progress, co-managed with Delta Risk customers through the ActiveEye portal and tracked consistently with their team
  • Single view and access to data/reports across the various security controls, with a focus on a “customer first” experience, and
  • Deep knowledge and understanding across the Carbon Black platform for ease of onboarding and continued adoption.

“As a managed security services provider, it’s critical that we integrate with best-in-class companies like VMware Carbon Black to best serve our clients and partners,” said Jason Peoples, Director of Partnerships, Delta Risk.

“Our ActiveEye security platform processes more than six billion events daily, and automation resolves more than 95 percent of them. This integration allows our partners and clients to focus on actual threats instead of being distracted by false positives and resolve threats faster.”

Delta Risk provides Managed Detection and Response for VMware Carbon Black’s entire suite of next-generation endpoint protection solutions, including VMware Carbon Black Cloud, VMware Carbon Black Cloud Endpoint Standard, VMware Carbon Black Cloud Enterprise EDR, VMware Carbon Black Cloud Audit and Remediation, VMware Carbon Black Cloud Managed Detection, VMware Carbon Black App Control, and VMware Carbon Black EDR.

Modern malware is increasingly leveraging evasive behaviors

Modern malware is increasingly leveraging evasive behaviors, a new report by VMware Carbon Black released at RSA Conference 2020 has revealed. The report uncovers the top attack tactics, techniques, and procedures (TTPs) seen over the last year and provides specific guidance on ransomware, commodity malware, wipers, access mining and destructive attacks.


Among some of the key findings from the report:

  • Defense evasion behavior was seen in more than 90 percent of the 2,000 samples they analyzed
  • Ransomware has seen a significant resurgence over the past year. Defense evasion behaviors continue to play a key role with ransomware (95 percent of analyzed samples).
  • The top industries targeted by ransomware over the past year have been: Energy and Utilities, Government and Manufacturing, suggesting that ransomware’s resurgence has been a nefarious byproduct of geopolitical tension.
  • Ransomware’s evolution has led to more sophisticated Command and Control (C2) mechanisms and infrastructure for attackers. Cyber criminals continue to leverage standard application protocols in network deployments to operate under the radar and blend in with standard business traffic. They are also deploying secondary C2 methods on sleep cycles, allowing them to wake up a new method of C2 upon discovery or prevention of their primary method.
  • Wipers continue to trend upward as adversaries (including Iran) began to realize the utility of purely destructive attacks. Leveraging techniques across the full spectrum of MITRE ATT&CK, wipers rely heavily upon Defense Evasion techniques to avoid detection (64 percent of analyzed samples).
  • Classic malware families have spawned the next generation. Throughout our research, we analyzed malware (such as NotPetya) that initially appeared to be ransomware, but upon further inspection, found the decryption component removed or ineffective, resulting in purely destructive malware.
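The C2 findings above rest on two observations: traffic on standard protocols and ports blends in, and a secondary channel on a sleep cycle only shows itself at long, regular intervals. What does not blend in is the timing. The following is an added example, not code from the report or from VMware Carbon Black: it reads a constructed connection log, groups connections per source, destination and port, and flags flows whose inter-connection intervals are unusually regular (low coefficient of variation). It generalises beyond the 60-second case to any period, so the six-hour dormant channel is caught by the same rule. The log format, the addresses (RFC 5737 documentation ranges) and the thresholds are assumptions.

```python
"""Periodicity-based beacon detector over a connection log.
Added example; the log lines are constructed, not captured traffic."""
import csv
import io
import statistics
from collections import defaultdict

START = 1_600_000_000  # constructed epoch start for the sample log


def _timestamps(start, gaps):
    """Expand a list of inter-arrival gaps into absolute timestamps."""
    ts = [start]
    for g in gaps:
        ts.append(ts[-1] + g)
    return ts


def build_sample_log():
    """Constructed CSV connection log with three flows from one host."""
    flows = [
        # primary beacon: ~60 s period with small jitter, on 443 to blend in
        ("10.0.0.15", "203.0.113.10", 443, [60, 61, 59, 60, 62, 58, 60, 61, 59]),
        # secondary channel on a ~6 h sleep cycle, same regularity at a long period
        ("10.0.0.15", "198.51.100.7", 443, [21600, 21600, 21610, 21590, 21600]),
        # ordinary browsing: irregular gaps
        ("10.0.0.15", "192.0.2.50", 443, [5, 120, 17, 900, 3, 240, 45]),
    ]
    rows = ["ts,src_ip,dst_ip,dst_port,proto"]
    for src, dst, port, gaps in flows:
        for t in _timestamps(START, gaps):
            rows.append(f"{t},{src},{dst},{port},tcp")
    return "\n".join(rows) + "\n"


def parse_conn_log(text):
    """Parse the CSV log into records with integer timestamps and ports."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        {"ts": int(r["ts"]), "src": r["src_ip"], "dst": r["dst_ip"], "port": int(r["dst_port"])}
        for r in reader
    ]


def find_beacons(records, min_connections=5, max_cv=0.15):
    """Flag flows whose inter-connection gaps have a coefficient of variation
    (population stdev / mean) at or below max_cv. Period length is irrelevant,
    so both short-cycle and sleep-cycle channels are caught by the same rule."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["src"], r["dst"], r["port"])].append(r["ts"])
    hits = []
    for flow, times in by_flow.items():
        if len(times) < min_connections:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # duplicate timestamps only; nothing periodic to measure
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"flow": flow, "count": len(times),
                         "mean_interval_s": round(mean, 1), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(parse_conn_log(build_sample_log())):
        print(hit)
```

In production the same rule runs over proxy, firewall or NetFlow records; the thresholds need tuning because legitimate software (update checkers, monitoring agents) also beacons, so the output is a ranked list for an analyst or an enrichment step, not a block decision.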

VMware Carbon Black also collaborated with Forrester Consulting on a 624-person survey (IT / security manager and above, including CIOs and CISOs) to explore the current state of IT and security relationship dynamics from the C-level to the practitioner level, and how these will evolve.

Key highlights of the survey include:

  • IT and security teams appear to be aligned on goals (preventing breaches, efficiency, incident resolution) but 77.4 percent of survey respondents said IT and security currently have a negative relationship, according to our study conducted with Forrester Consulting.
  • 55 percent of survey respondents said driving collaboration across IT and security teams should be the organization’s top priority over the next 12 months, according to the study.
  • Nearly 50 percent of both IT and security respondents reported being understaffed with security respondents noting their teams are currently 48 percent understaffed and IT teams are 26 percent understaffed.
  • The study found that, in the majority of cases (45 percent), the CISO reports to the CIO. However, when asked whom the CISO should report to, most respondents (37 percent) said directly to the CEO. Of note, nearly half (46%) of CIOs said the CISO should report directly to the CEO.
  • The talent gap continues to be a theme across the IT and security landscape. According to the study, 79 percent of respondents said finding the right security talent is either “very challenging” or “extremely challenging” and 70 percent reported the same level of challenge for IT talent.
  • More than 50 percent of survey respondents said that both security and IT will share responsibility for key areas like endpoint security, security architecture and identity/access management over the next three to five years.
  • When it comes to risk, security leaders said brand protection (81 percent of respondents) is the most important issue for company boards.
  • Both security and IT have seen increased investments over the last year. Among survey respondents, 77 percent said they purchased new security products, 69 percent reported an increase in security staff and 56 percent reported an increase in IT staff.


“Defenders must stop thinking about how to achieve results on their own. Defenders must continue to build bridges with IT teams. The time for cooperation is now. We can no longer afford to go at this problem alone. We need IT teams to look toward security solutions that are built in and not bolted on. It’s time for security to become part of our organizational DNA. It’s time security becomes intrinsic to how we build, deploy and maintain technology,” said Rick McElroy, one of the report’s authors.