More than 77% of respondents cited a tussle between IT and cybersecurity teams.
It is the start of a new decade, and the cybersecurity battle of “good vs evil” rages on.
Experts see tougher challenges in the years ahead, and their work requires a holistic view of how attackers have evolved, what defenders are doing to keep pace, and how security and IT teams can work together in 2020 and beyond.
To help them along, VMware Carbon Black has released a Cybersecurity Outlook report for 2020. The report analyzed attack data from across the VMware Carbon Black Cloud, publicly available sources, and the dark web. Another section included a study from Forrester Consulting to determine specific behavior exhibited by defenders—namely 624 CISOs and CIOs, out of which 19% (119 respondents) were from APAC.
Here are some key findings from the report:
- Ransomware has seen a significant resurgence over the past year.
- The top industries targeted by ransomware over the past year were: Energy and Utilities, Government and Manufacturing, suggesting that ransomware’s resurgence has been a nefarious by-product of geopolitical tension.
- Wipers continue to trend upward as adversaries (including Iran) began to realize the utility of purely destructive attacks.
- 77.4% of survey respondents said IT and security currently have a negative relationship.
- 55% said driving collaboration across IT and security teams should be the organization’s top priority over the next 12 months.
- Nearly 50% of both IT and security respondents reported being understaffed, while the talent gap continues to be a theme across the IT and security landscape.
- In the majority of cases (45%) the CISO is reporting to the CIO. However, nearly half (46%) of CIOs said the CISO should report directly to the CEO.
- When it comes to risk,security leaders said brand protection (81%) is the most important issue for company boards.
Alluding to the negative relationship between IT and security teams, Rick McElroy, one of the report’s authors said: “Defenders must stop thinking about how to achieve results on their own, and must continue to build bridges with IT teams. The time for cooperation is now. We can no longer afford to go at this problem alone.”
According to McElroy, IT teams need to look toward security solutions that are built-in and not bolted-on. “It’s time for security to become part of organizational DNA. It’s time security becomes intrinsic to how we build, deploy and maintain technology.”