January 3, 2018 By Rick M Robinson 2 min read

By and large, the news in 2017 was not good on the cybersecurity front. Whether you follow media headlines or industry studies, attacks are up, breaches are larger and threat actors are more sophisticated than ever. Unfortunately, many organizations fail to take basic precautions to mitigate these risks. As a result, breaches often go unreported, leaving millions of customers unaware that their personal data is exposed.

The technical challenges are growing, but technical solutions are also increasingly available. However, many of these tools go unused or unnoticed by organizations. The real issue here is cybersecurity leadership — or a lack thereof.

Staying Out of the Spotlight

CIO Insight detailed some of 2017’s most noteworthy breaches and the blunders that put those companies in a negative media spotlight. Failures at the leadership level included negligence in risk management and poor handling of incidents after they occurred. These lapses ran the gamut from embarrassing to infuriating.

For example, a cybersecurity consulting firm failed to implement basic protections on its network and took months to discover that its most confidential customer discussions were exposed. Similarly, a financial firm failed to notify millions of consumers that their data had been compromised and even endeavored to mislead them once the breach went public.

Study results may not be quite as vivid, but they are just as alarming. According to the Identity Theft Resource Center (ITRC), the total number of breaches rose 40 percent in 2016, and a midyear report from the same organization predicted another 37 percent jump by the end of 2017. Furthermore, a recent Ponemon study revealed that 56 percent of companies experienced a breach due to third-party error last year, a 7 percent increase over 2016.

At least we can conclude that false confidence is not the problem. Only 17 percent of respondents to the Ponemon survey said their organizations were effective in minimizing third-party risk, down from 22 percent a year ago. In addition, only 35 percent said they expected their third-party partners to promptly notify them of a breach. When it comes to fourth parties and beyond, that number fell to just 11 percent.

The Cybersecurity Leadership Deficit

All of these failures, CIO Insight noted, point to “a completely broken mindset and haphazard approach” to cybersecurity. This attitude is shaped from the top, if only passively, through inaction. As such, it can only be changed from the top. That’s why security leaders must help executives understand the organization’s risk posture from both a security standpoint and a business perspective. For their part, top leadership must become more involved in cybersecurity initiatives and budget accordingly.

The essential element of leadership is not in the particulars, but in active engagement with security challenges. Attackers are out there, but effective defense measures are available to help organizations protect their most sensitive data. Cybersecurity leadership consists of recognizing the dangers and taking them on, not reacting with passivity and evading responsibility.

