Cybersecurity teams call on C-suite support in global battle

Confident cybersecurity teams say they’re ready to deal with financially motivated incidents - including ransomware campaigns and attacks by “hacktivist” or nation-state hacking teams - but board members and investors need to pay more attention to cybercrime, according to new research.

Google Cloud company Mandiant unveiled the findings of its Global Perspectives on Threat Intelligence report this week, which provides new insight into how organisations navigate the increasingly complex threat landscape. The report is based on a global survey of 1,350 cybersecurity decision-makers across 13 countries and 18 sectors, including financial services, healthcare and government. 

Despite the widespread belief that understanding the cyber threat actors who could be targeting their organisation is essential, 79% of respondents stated that their organisations make the majority of cyber security decisions without insights into the threat actor targeting them.

While the report found that nearly all respondents (96%) were satisfied with the quality of threat intelligence their organisation uses, respondents declared effectively applying that intelligence throughout the security organisation to be one of their most significant challenges (47%). Further, almost all (98%) of those surveyed said they need to be faster at implementing changes to their cyber security strategy based on available threat intelligence.

Organisations need to improve threat knowledge

According to the survey, 67% of cyber security decision makers believe senior leadership teams still underestimate the cyber threat posed to their organisations, while more than two-thirds (68%) agree their organisation needs to improve its understanding of the threat landscape.

However, despite these concerns, security decision-makers remain optimistic regarding the effectiveness of their cyber defences. When asked about confidence in whether their organisation is fully prepared to defend itself against different cybersecurity events, respondents felt most confident in tackling financially motivated threats, such as ransomware (91%), followed by those conducted by a “hacktivist” actor (89%) and nation-state actor (83%). 

When asked to rank which countries their organisation would be unable to fully defend itself against, more than half of respondents (57%) said Russia, followed by China (53%), North Korea (52%) and Iran (44%).

Just over half of the respondents (53%) felt they could prove to their senior leadership team that their organisation has a highly effective cybersecurity program.

Other key findings include:

• Cybersecurity is only discussed on average once every four or five weeks with various departments within organisations, including the board, members of the C-suite and other senior stakeholders. This is even less frequent for groups such as investors, where the average lowers to once every seven weeks.
• Only 38% of security teams share threat intelligence with a broader group of employees for risk awareness.
• A majority (79%) of respondents said their organisation could focus more time and energy on identifying critical trends.

"A conventional, check-the-box mindset isn't enough to defend against today's well-resourced and dynamic adversaries,” says Sandra Joyce, Vice President, Mandiant Intelligence at Google Cloud. “Security teams are outwardly confident but often struggle to keep pace with the rapidly changing threat landscape. They crave actionable information that can be applied throughout their organisation. Security teams are concerned that senior leaders don't fully grasp the nature of the threat. This means that critical cyber security decisions are being made without insights into the adversary and their tactics."