The results from a recent survey of 290 security executives from across 11 EMEA countries have been released.
Sixty percent of respondents confirmed that recent global attacks (such as WannaCry) have had a direct effect on the way they protect their enterprises.
These findings are part of a broader survey conducted by the Neustar International Security Council (NICS), based on the personal opinions from hundreds of security professionals, including business managers, senior directors, CTOs and other professionals with a security remit and extensive cybersecurity industry experience.
"The majority of respondents indicating that recent global attacks have directly affected their protection choices shows that while awareness exists, it is clear that there's a disconnect between the concern of attacks and companies actually taking action,” says Rodney Joffe, head of NISC and Neustar senior vice president and fellow.
“This Index will provide tangible insights into how threats are perceived at any given time, which will aid IT decision-makers in justifying vital cybersecurity spending to the board of directors.”
Among other findings, respondents ranked ransomware as the most concerning with 28 percent of respondents selecting this threat followed by system compromise with 21 percent.
The positioning of ransomware as the top chief information security officer (CISO) concern is certainly understandable given the depth and breadth of the WannaCry attack which crippled global systems – it also gives a clear indication of current threat landscape awareness.
44 percent of respondents have focused on increasing their ability to respond to both ransomware and DDoS, confirming that current priorities for CISOs are avoiding both ransom requests and website disruption.
Almost half of respondents believe criminals are increasingly behind threats, while 38 percent agree that that threats from unknowns are on the rise. Meanwhile, 58 percent currently believe threats are increasing most from the world at large while 38 percent say they’re increasing from within a CISO’s own company.
Joffe says understandably, security professionals have their finger on the pulse of the landscape, with the survey responses demonstrating their clear knowledge of attacks and attackers.
“Tracking who respondents think attackers are and where attacks come from will be interesting, as we will be able to see how global events and news headlines might, or might not, influence the answers,” says Joffe.
“If news stories about election rigging lead to a rise in nation/state actors being considered a threat, then this will show up in the Cyber Benchmarks Index and provide a valuable regular touchpoint to take the industry temperature on cybersecurity. The results from this first survey taken in May 2017 have produced an initial index of 6.5, which is slightly elevated."
Joffe says over the coming survey periods, they will track the rise and fall of concerns which will obviously be affected by both external events, and concerns internal to respondents’ organisations.