A C-Suite United on Cyber-Ready Futures

Findings from the 2023 Global Digital Trust Insights

It’s a bold new world in business.

Driven by events no one could have foreseen, leaders in recent years have pushed their companies and themselves beyond their comfort zone: out of the office to remote workplaces; into the cloud; along chains of supply that are almost completely digital. And with each new venture has come new cyber risks.

Good news: CISOs and cyber teams have risen to the challenge and other C-suite executives have joined forces with them. More than 70% of 3,522 respondents observed improvements in cybersecurity in the past year — thanks to cumulative investments and C-suite collaboration.

But the goalposts keep moving so there’s more work to do — and in a tough economic environment:

Fewer than 40% of senior executives say they have fully mitigated the risks their bold moves incurred.
By their own assessments, CISOs see the need to advance further on five cyber capabilities: identify, detect, protect, respond, recover.
Senior execs see heightened threats to their organisation and worry they’re not fully prepared to address them.
In 2023, these challenges loom: mandated disclosures, tests of resilience, and pressure to get data security and privacy right.

Cybersecurity has become a more dynamic field, rapidly adjusting and shifting to keep apace with business inventiveness.

This agility is what’s needed for the tougher challenges ahead. How can each of you continue to make a difference? Where should CISOs and cyber teams wield influence for the greatest effect?

The C-suite playbook on cybersecurity and privacy, featuring our latest survey, Global Digital Trust Insights, highlights what lies ahead in 2023 and how executives can work together for cyber-ready futures.

A catastrophic cyber attack is the top scenario in 2023 resilience plans. Such an attack would surely put C-suite alliances to the test.

Two-thirds of executives consider cybercrime their most significant threat in the coming year. Cybercriminals, increasingly using off-the-shelf tools, can perpetrate and orchestrate a variety of attacks.

38% expect more serious attacks via the cloud in 2023

The breach: Attackers exploit a misconfiguration in a company’s cloud-hosted internet-facing application and steal user data to sell on the black market.

Consequences: Costly notifications to data owners. A possible class-action lawsuit against the company. Damage to the enterprise’s reputation.

What went wrong: Inadequate security, no defence in depth, coding errors, inadequate testing of written and library code, improperly encrypted data.

How to work together for better defence:

CIO: Enable DevSecOps in application development, as well as thorough pre-launch testing. Remediate misconfigurations from both users and automated deployments.
CISO: Establish and enforce policies and procedures for securing applications and data, vulnerability and penetration testing, regular patching, continuous compliance monitoring, and security event and incident monitoring (SIEM).
CTO: Require that cloud service providers and third parties provide dashboards and tools to detect misconfigurations across their environments.
CDO: Confirm that apps comply with privacy requirements and that customer data is partitioned and encrypted for better protection. Put into place solutions that encrypt data at rest, in transit and while in use.

29% of large organisations expect an increase in OT attacks

The breach: A manufacturing system is impacted by a ransomware event due to exploitable vulnerabilities existing in legacy operating systems.

Consequences: Production stops as affected systems are shut down to prevent damage from spreading. Impacts ripple through the supply chain.

What went wrong: Hackers exploit unpatched vulnerabilities to inject ransomware. The exploited vulnerabilities were previously patched in enterprise systems, however due to a lack of patch management, monitoring and detection capabilities for the legacy systems, the vulnerabilities remained undetected.

How to work together for better defence:

CIO: With CISO and CTO, map convergences and critical interdependencies between IT and OT systems.
CISO: Work with CIO and CTO to require separation of IT and OT, develop a secure landing zone that obscures OT from direct access, and train employees on proper access and incident response roles.
CTO: With CISO and CIO, create a plan for patching and monitoring endpoints.
CRO: Develop methodology to assess the cyber risk present in the OT environment. Include scenarios and rehearse incident response procedures that join IT and OT response processes.
COO: Weigh cybersecurity in the procurement process for your industrial control systems, in contracting with cloud providers, and in defining service agreements with external service providers.

45% of security and IT execs expect further rise in ransomware attacks

The breach: A medical employee opens a document in a phishing email, activating malware. Consequences: Service disruption and a near-complete shutdown of networks.

What went wrong: Antivirus software was running out of date rules that failed to detect malware embedded in the malicious attachment. The lack of multi-factor authentication allowed the attackers to obtain initial access. Unnoticed on the corporate network for eight weeks, the cyber criminals conducted reconnaissance of the network and eventually compromised a domain admin account, giving them elevated privileges to launch malware that shut down much of the core IT infrastructure and compromised backups.

How to work together for better defence:

CEO: Support security awareness training throughout the organisation.
CIO: Review the connections between IT systems and the healthcare environment.
CTO: Assess the vulnerability of medical devices in a scenario that targets devices.
COO: Help CIO, CISO size up effects on patient safety.
CISO: Bridge security gaps between IT and healthcare operations.
CDO: Work with COO, CISO, CPO to assess damage from theft/corruption of customer data.
CRO: Conduct test of resilience with crisis and BC/DR teams.
CFO: Work with CISO, CIO on any disclosures to regulators and the public. Review cyber spending, including cyber insurance, with CISO, CIO in light of discovered vulnerabilities. Decide on policy for ransomware payment.
Board: Get insight on management’s tabletop exercise to prepare for a ransomware attack. Confirm when the board will be informed about a cyber incident or ransomware attack.