May 4, 2022 – Increasingly, organizations of all sizes are awakening to the perils posed by cyber attacks. A new report from IMSA Search outlines the threats and dangers of cybersecurity attacks and how to prevent them.
The risk of cybercrime to organizations of all sizes is escalating, with significant costs, and can no longer be ignored by business leaders. The Russian invasion of Ukraine, experts predict, will soon reach far beyond that country’s borders, and affect us far more than at the gas pump. The Department of Homeland Security is warning citizens and businesses across the U.S. to be on high alert for cyber attacks from Russia. Cybersecurity Ventures, a leading researcher and online resource for the global cyber economy, projects global cybercrime costs to increase by 15 percent per year, reaching $10.5 trillion annually by 2025. And according to global cybersecurity leader Trend Micro Inc.’s Cyber Risk Index Report – an annual survey of 2,800 IT managers and practitioners from the U.S., Europe, and Asia-Pacific – 26 percent of global corporations fell victim to seven or more cyber attacks in the past year, and over 80 percent of these expect such attacks to be “somewhat” or “very likely” to succeed.
Since the onset of COVID-19, the demand for enhanced cybersecurity – and cyber talent – across industries has increased exponentially, with specific needs to address the new realities of a world in pandemic mode. According to a new report by executive search network IMSA Search Global Partners, “As companies shut down and employees worked from home in unprecedented numbers, chief information security officers (CISOs) had to create secure connections for this extensive new remote workforce.” The surge in online commerce during the pandemic also required significant systems upgrades. “CISOs had to reallocate budgets to cover COVID-related costs, putting planned security improvements on hold and possibly exacerbating already identified risks and existing threats,” said the report.
“Prior to 2021, cybersecurity was increasingly a pressing topic in most board rooms,” said Steve Martano, a partner in the cyber practice at Artico Search, a leader in the cybersecurity talent space. “The advanced attacks and costly public breaches and ransomware events over the last 12 to 18 months have increased the frequency and depth of those discussions. COVID-19 and the work-from-home trend have accelerated the visibility of the CISO and the security apparatus, as endpoint security and vulnerability management became front and center due to the prevalence of remote work,” he noted.
That has made competition for top chief information security officers fierce as companies seek to protect themselves from potentially crippling cyber attacks. Newly released compensation data from IANS Research and Artico Search shows a wide pay gap, from small companies with nascent cyber programs to multinationals with well-established cybersecurity teams. Notably, female CISOs are out-earning their male counterparts.
Identifying Vulnerabilities, Understanding Consequences
The first step in defending against cybercrime is understanding risks and identifying where your systems are susceptible. Trend Micro’s Cyber Risk Index says that the top cyber threats include: ransomware (malware that cryptographically blocks access unless a ransom is paid); social engineering/phishing (techniques to trick people into providing personal data); clickjacking (concealed hyperlinks trick people into unintended actions revealing personal data and allowing control of one’s computer); fileless attacks (tools built into software that allow attack and leave no code, file, or traceable footprint); botnets (unsuspecting network of computers infected by malware and controlled by a hacker); and man-in-the-middle attacks (attacker intercepts communications between users, able to “eavesdrop” or alter the communications).
IMSA notes that certain situations present particular vulnerabilities: In automated buildings, every system and device is unique yet connected, each with its own cyber risks; and connected devices are easy to infiltrate. Healthcare facilities are high-value targets, with hackers launching constant attacks; medical records are “best sellers,” fetching up to $1,000 per record on the dark web, according to Forbes.
Employee Training and Cybersecurity Policy
An essential component of a good cybersecurity plan is an up-to-date, readily available cybersecurity policy. “All employees, from entry level to the C-suite, should understand the policy and be trained to recognize and avoid security risks,” said Mitch Berger, managing partner of IMSA Search Global Partners USA and an IMSA board member. “Many of our clients in the C-suite and HR departments have told us that cybersecurity is now a prominent part of employee onboarding, with hands-on training about online information sharing, passwords and security questions, two-factor authentication for account access, and what to look for in emails and other communications which would signal a cyber threat,” he said.
Prevention is the Best Policy
The effects of any cyber attack can be catastrophic, resulting in business disruption, harm to company or brand image, customer loss, data theft, and in some rare cases, loss of life, according to the IMSA report. The costs can be catastrophic as well. Experts recommend companies get ahead of the problem, addressing vulnerabilities before cyber attacks occur, by implementing the following preventive measures:
- Identify and assess risk areas across applications, devices,
- Implement the ability to automate responses to abnormal activity.
- Adapt systems to remotely resolve issues.
- Create policies and action plans for quick and effective response in the face of an attack.
- Empower CISOs with appropriate budgetary and human resources to provide proper planning, training, and continual monitoring and upgrading of systems.