Cybersecurity job loss after a major incident is becoming less likely as organizations drop the "Blame" game for more practical approaches to breach prevention, a survey of 500 CISOs shows. More than 95% of CISOs reported their teams received greater support from their organization after a breach. A majority of businesses chose to switch cybersecurity vendors in the aftermath of a breach, with many turning to solutions incorporating greater automation and integration. Extended detection and response security company Trellix published its "Mind of the CISO: Behind the Breach" report on Nov. 28. The publication presents data on CISOs' experiences before, during and after a major cybersecurity incident, as well as insights from more in-depth interviews with more than a dozen CISOs from the United States, United Kingdom and Australia. All the survey participants and interviewees managed at least one major incident within the last five years, with 63% reporting that they managed more than one major breach. While more than a fifth of respondents reported job loss or redundancy as one of their organization's responses to a breach, the report notes that the percentage has decreased over the years. Firings and layoffs occurred nearly a third of the time in the aftermath of breaches that occurred three or more years ago, while only 13% of breaches in the last year prompted organizations to separate with cybersecurity staff members. More than a third of organizations created new jobs or responsibilities after a breach. "As breaches not only continue but many organizations find themselves experiencing repeat attacks, there is an evolving realization that any one person or team cannot be 'blamed,'" Trellix CISO Harold Rivas told SC Media. While 34% of CISOs said they believed their people needed a "Complete overhaul" after a major cyber incident, dismissing and replacing team members is not necessarily the right solution. Of the "People gaps" reported by CISOs in the survey, the most common were threats missed off-shift or by outsourced staff, followed by lack of security operation center analysts, threat hunters or responders, and gaps in IT skills and knowledge needed to handle an incident. "The most important asset or factor in IT or security is not the technology, not the policy or process, not the tools, it's the people," said one CISO interviewed and quoted in the report. While job security after a breach appears to be increasing, cybersecurity vendor loyalty after a cyberattack is relatively low, the survey found. About two-thirds of respondents said they switched or planned to switch their primary security vendor as the result of a major cyber incident. "Replacing a vendor likely feels like the quickest turn change to implement, especially with 46% of CISOs receiving increased budget for additional technology following an attack." CISOs surveyed said incorrectly configured technology, gaps in the security capability of technology and siloed technologies played a role in major cybersecurity incidents. Many CISOs are shifting their overall approach to cybersecurity and seeking automated solutions in the aftermath of a cyberattack. Rethinking of an organization's overall security strategy was reported by 42% of respondents, and 37% said more automation and orchestration was added to improve their security posture. Of the types of security solutions implemented after a breach, managed detection and response was most popular followed closely by data loss prevention and XDR. The survey results also showed CISOs looked for benefits including better visibility of threat landscapes, reduced manual strain on SOC teams and real-time automation when shopping for XDR solutions.
This Cyber News was published on www.scmagazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000