The stakes could not be higher. The hackers who shut down the US Colonial Pipeline in May 2021 used ransomware-as-a-service that others can obtain via the dark web, posing risks to critical organizations throughout the economy and society at large. At the same time, the individuals who infiltrated SolarWinds over several months in 2020 did so via a sophisticated supply chain attack that was largely unfamiliar to security teams.
Attackers are targeting a growing surface area and their tactics are increasingly unpredictable. Just one in three respondents is confident in their ability to make the supply chain suitably robust or water-tight, highlighting the importance of working closely with colleagues in procurement and operations.
Less than half (47%) say they understand and can anticipate the strategies attackers use, an issue that has been illustrated by incidents in which threat actors infiltrate software that is later sold on to customers.
It is not as though the need for rapid transformation has passed. At the time of writing, significant progress has been made in responding to COVID-19, but the crisis will pass through several stages before businesses return to “normal” – whatever that may be.
Employers are, for example, looking to support hybrid working models while unlocking growth in a recovering economy. A recent EY study, Work Reimagined 2021, found that 54% of respondents would consider resignation if their employers refused them the flexibility they were looking for. CISOs should also be aware that half of employees (48%) want investment in new home-office technology, which opens the possibility for yet more exposure if businesses cannot address security by design.