Cybersecurity knowledge shared by CIOs of the US

We attended the latest Midsize Enterprise Summit for #IT #leaders in Florida, organized by The Channel Company. CIOs from all over the US gathered to exchange and get important updates on #cybersecurity.

We would like to share some of these updates.

An incident is a surprise, your response shouldn’t be

#Cyberattacks – it’s not a question of if it happens; the question is when. There are more and more of them. “An incident is a surprise, your response shouldn’t be,” Mimecast told us. They presented their data showing that 75% of those who were attacked were impacted by ransomware, compared to 61% the previous year. 64% paid the ransom, yet nearly 4 out of 10 of them failed to recover their data. Yet only 14% of IT budgets are allocated for cyber resilience, and only 23% of companies provide cyber awareness to their employees.

Human Error – fatal error

Human error is still the biggest factor in breaches. Most breaches start with email; some reported that around 95% of them do. The company Area 1 Security, for example, presented their tools that can identify phishing campaigns 24 days in advance, the so-called “preemptive proactive phishing campaign”.

Autonomous pentesting solutions

One of the strategies to secure your organization is to think and act as attackers would. We found it very interesting to hear about autonomous #pentesting being one of the solutions on the market that can help in cybersecurity. “If you really want to know you have to attack it to check”, told us

No matter what, you must have a response plan in case of a cyber-attack and it’s something that has to be dynamic and thought about more often than once a year. Because when it comes to an “accident” you don’t have much time to think before you react. Exercise it regularly.

What about Cyber insurance?

It’s important to build a bridge with the C-suite so that CEOs understand how serious cybersecurity is. For example, when it comes to ransomware, the damage goes beyond the attack itself: there’s business damage because you can’t serve customers, fulfill orders, work with clients…
Cyber insurance policies help businesses stay operational in the aftermath of an attack. But pay attention to every detail of the policy, because the details can be decisive in the end, as always when it comes to insurance. Unfortunately, #cyberinsurance rates are going up, but it has become necessary to have it.
This was the main message of the roundtable at the Midsize Enterprise Summit Spring 2022 of The Channel Company with Adam Dennison, Andy Liverman Anderson from DataStream Cyber Insurance, Blaine Carter from FranklinCovey, and Kevin Mekler from Mullen Coughlin LLC.

IT skills gap is getting worse

The Channel Company’s survey showed that “the IT skills gap is getting significantly worse as midmarket businesses and organizations grapple with technical talent shortages and employee retention amid the ever-evolving IT landscape, according to a spring 2022 State of the Midmarket survey.

The survey, which had about 120 participants, showed that 18 percent of IT leaders said there is a significant skills gap within their organization, up from eight percent in July.”

Why can’t security teams achieve objectives?

1. Limited Visibility

2. Staff stretched too thin

3. Pace of business change

4. Lack of meaningful metrics

5. Too many tools

6. Expanding attack surface

7. Fragmented investigations

8. Manual and inefficient processes

Source: ReliaQuest

Author: Sasha Mrak Hendrickson, Chief Strategy Officer, Carver Institute