A pair of cybersecurity reports, issued separately by AT&T and Accenture, point to trends of the public sector’s desire to compute at the edge — elevating security concerns there — and the need for CEOs to get more hands-on about cybersecurity.
Early this year, AT&T released its 2022 Cybersecurity Insights Report and later published a report that asserted the public sector in the United States ranked as the lead early adopter in edge computing. AT&T also said it expected that market segment to lead as well in terms of securing the edge. The insights report was based on a survey conducted last September of 1,520 security practitioners from the United States, Europe, Central and South America, and Asia.
Takeaways from the AT&T report include:
- 74% of respondents believed a compromise at the edge is very likely and would be impactful
- 66% expressed concern about ransomware attacks at the edge
- 66% expressed concern about attacks against user and endpoint devices
- 64% expressed concern about attacks via cloud workloads
Meanwhile, the report from Accenture spoke to ways CEOs and CFOs regard and assess their organizations’ cybersecurity accountability. That report used data from Accenture’s State of Cybersecurity Resilience study, which gathered input from some 500 respondents.
A few takeaways from the Accenture report:
- Just 38% of responding CEOs and CFOs were confident that their cybersecurity programs actively protected more than 75% of their organization.
- Nearly all, 91%, of the CEOs and CFOs indicated IT held the most responsibility for cybersecurity.
- About half, 47%, of the CEOs and CFOs said poor allocation of funds prevented them from realizing their organizations’ cybersecurity objectives. Another 46% of CEOs and CFOs said lack of budget was the issue.
Ryan LaSalle, senior managing director, Accenture Security, North America Lead, says he hoped to not see so many CEOs in the study say cybersecurity responsibility rested primarily with IT teams and theirs alone to solve. “It still requires more work to break though,” he says.
There are some CEOs who lead the charge on cybersecurity, LaSalle says, to improve on such matters, but such responses are not very pervasive. “It’s clearly standing out that when they do it, it’s the exception and not the rule.”
A tendency among organizations to simply meet compliance requirements for cybersecurity can hold back more progressive and proactive approaches, LaSalle says. “It gives you a sense of complacency.” Adhering to compliance rules might be enough to avoid fines, but it can still leave an organization exposed. “In many industries, compliance is a really expensive bar; it’s not a low bar,” he says.
The reluctance to openly discuss security events has also led to a veil of secrecy that may prevent organizations from learning from each other about such incidents. “The more CEOs who’ve gone through this, who share their experiences with other CEOS, the more proactive that network becomes,” LaSalle says.
The nature of cyber threats has been influenced in some cases by geopolitical events such as Russia’s invasion Ukraine. As that conflict persists, some bad actors who in the past acted solely for personal benefits might apply their hacking skills as a form of political support. “We are seeing cyber criminal groups who were previously only motivated by monetary gain are now picking sides geopolitically,” LaSalle says. “They’re looking at how their alliances and allegiances to, whether it’s Ukraine or Russia, now inform what they’re doing. They’re attacking each other and they’re attacking as proxies to the belief systems that they’re trying to align around.”
This can lead to bad actors who use ransomware to make a political point targeting companies they believe are counter to their country’s interests. “You get a different threat landscape,” he says. “Businesses have to keep with the attacker motivation.” That motivation might influence the tools the hackers put into play.
Cybersecurity issues may also arise for companies that cease operations in a country or region in conflict, such as the exodus from Russia in response to the invasion. LaSalle says organizations extracting themselves from such situations must look at connectivity, access, and employees who may be stranded. There may also be increased attention and scrutiny from the country they are leaving, as well as retaliation via cyber threats. “You’re going to have to operate in a higher risk posture,” he says.