Getting insights from our peers is one of the most important ways that IT and business leaders gain valuable information. In the security realm, we learn from each other about the threats we face as well as solutions, strategies and services that can help organizations address these threats. The latest version of “The Cybersecurity Insight Report” by CDW is another opportunity for this kind of learning.
This year’s report includes a survey of IT managers and senior business leaders at organizations across the range of industries served by CDW. I’d like to explore the six key insights in the report and provide you with my perspective on these issues.
1. Identity Theft and Malware Are the Biggest Security Concerns
Malware and identity theft stood out as the most prevalent threats, with 56 percent of those surveyed identifying malware as their chief cybersecurity concern. One of the most interesting findings here is that cryptojacking didn’t receive much attention from technology leaders. In our assessments, we’re seeing a dramatic increase in the number of these attacks as cybercriminals seek to quickly monetize compromised cloud computing resources.
2. Reputational Damage Is Considered the Biggest Impact of a Breach
I found it notable that the concerns over the direct financial impacts of a breach are trending downward. It appears that senior leaders are taking a business-focused view of breaches and realizing that long-term reputational damage can be far worse than the short-term financial impact. Facebook experienced this last year when consumer trust in its platform plummeted in the wake of the Cambridge Analytica scandal.
3. Cybersecurity Is Becoming More Integrated
There’s some good news here: Organizations are more likely to incorporate cybersecurity into their software development processes than ever before, and the expanding IT footprint into the cloud is impacting security decisions. However, there’s also a downside to this integration — security functions are increasingly found inside technology organizations instead of within a broader business risk function. This creates the potential for conflicts of interest that might lead to prioritizing immediate tactical needs over defending long-term business strategy.
4. Decreases in IT Spending May Contribute to Data Breaches
Our research revealed that many organizations (53 percent) that decreased their IT budgets saw an uptick in breaches. From my own experience, many of the security breaches that we witness come as the result of issues that should have been addressed long ago. From weak SSL/TLS configurations to the continued use of outdated authentication mechanisms, our networks need attention to the basics. Cutting security budgets is shortsighted and will exacerbate, rather than remediate, these problems.
5. Organizations Are Becoming More Proactive about Security
This is exactly what we want to see. Our survey showed that 42 percent of organizations are likely to increase their spending on security training, hardware, software and staff moving forward, compared to only 25 percent that felt the same way in 2017. That’s a great contrast to the decrease in spending we’ve seen this year and offers an optimistic view of cybersecurity’s future.
6. Breaches Are Having a Much Bigger Impact
This is consistent with everything we’re hearing in the media. While we’re experiencing fewer breaches overall, the breaches that we do witness are growing more severe. As organizations amass more data, the potential impact of a breach grows. At the same time, attackers are becoming smarter and stealthier, seeking out high-value data targets and exfiltrating data over longer periods of time.
I’m not surprised by any of the results that appeared in this year’s insight report. They confirm the trends that I’ve been seeing among the organizations that CDW works with. Security is growing in importance but continues to struggle to obtain the resources necessary to support a robust program. As our field matures, security leaders must continue to develop their ability to move from arguments focused on fear, uncertainty and doubt to an approach that focuses on the business value delivered by a strong security posture.