ansomware Dan Turner, Forcepoint: cybersecurity professionals in CNI work in a climate of high risk and diverse threats. Daniel Hofmann, Hornetsecurity: attacks on businesses are increasing, yet there's a shocking lack of awareness and preparation by IT pros. increases the difficulty of mitigating or controlling the impact of an attack. In the US, the greatest concern was of a power outage, whereas cybersecurity professionals in the UK predict that disruption to personal banking would have the greatest impact." The threat of disruption is also amplified by what cybersecurity professionals believe motivates cyberattacks on CNI. The greatest threats were perceived to be from cyber gangs demonstrating their capabilities, acts of political retaliation, acts of hacktivism and acts of cyber warfare. "Unfortunately, the research has also found many CNI cybersecurity professionals are feeling the pressure of this high-pressure, high-complexity environment. Feelings of stress, anxiety and burnout are affecting over one-third of all CNI cybersecurity professionals [35%, 39% and 36% respectively]. "This is impacting their professional experience, with two-fifths of cybersecurity professionals reporting that the pressure to secure CNI has led them to have a low morale at work (40%), rising to 51% of UK employees. Worryingly, it is also affecting their personal well-being." Adds Dan Turner, vice president at Forcepoint: ""Understanding the challenges our cybersecurity professionals in CNI are facing helps us find better solutions to alleviate the burden on them. They work in a climate of high risk, diverse threats when rapid adoption of new technologies changes security parameters all the time. Knowing what motivates and worries our industry is key - it helps us help them in their efforts to ensure no new threat or technology puts our essential services at risk of disruption, so which, in turn, allows us to secure a safer and more sustainable future for everyone." BIGGEST CHALLENGES TO OVERCOME "Securing an expanding digital footprint is one of the biggest challenges facing companies," points out Sam Curry, chief security officer, Cybereason. "With ransomware attacks surging, the clock starts to immediately tick after ransomware has executed. And when the ransom itself is received, that is a time of high adrenaline, confusion and panic for most. This is actually by design on the part of the attackers. They attack, often, at night, on holidays and weekends to maximise pressure, and, therefore, the chance of poor decisionmaking and capitulation. According to a recent Cybereason study on ransomware attacks, more than 60% of organisations lack preparedness on holiday and weekends, and it limits their ability not only to assess the risk, but stop it as well. Hackers know this and they attack accordingly. "Companies can't pay their way out of ransomware and many decide they won't pay," adds Curry. "Hopefully, they are backing up data, but how quickly can the data be operational? If a company isn't backing up their data and still won't pay, that decision comes with weathering the pain of rebuilding. And what other trade-offs come into play? Can services continue? Is public safety or human life at risk? What is the cost of rebuilding? How long will it take to rebuild etc? There is the arithmetic of recovery, the risk equation, the truly compelling questions like not putting human life at risk and then there is also the ethical question of funding criminal activity." TICKING TIMEBOMB Given the massive strides that the security industry has been making in developing sophisticated network protection technology, this raises a vital question according to Mark Oakton, CEO/Consulting CISO, Infosec Partners: "Why is ransomware still able to keep CISOs awake at night and send shockwaves through the corporate world's boardrooms?" There are many reasons, he believes, including a reliance on outdated technology, combined with poor staff awareness and training - but ultimately the answer lies in human nature. "Ransomware attacks are typically the result of a simple 26 computing security <strong>Nov</strong>/<strong>Dec</strong> <strong>2022</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk
Secure your modern workplace with awardwinning solutions Do your employees love their work technology and does your organisation trust that every device is safe? Jamf is here to help your organisation by: • Empowering all users to safely stay connected to resources • Protecting company data from the evolving threat landscape • Ensuring privacy and compliance without compromising on end‐user experience www.jamf.com Find out more and request your trial