Ivanti has released the results of its 2024 State of Cybersecurity Report. With the increasing complexity of the threat landscape and evolution of threat-actor tactics, cybersecurity professionals are facing a constant battle to keep pace with the ever-changing techniques used by malicious actors. This has led to a greater need for innovative and adaptive security measures.
Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk. Due to insufficient data, IT and security professionals report the following:
• 63% report that siloed data slows down security response times.
• 54% report that siloed data weakens their organization's security posture.
• 41% struggle to collaboratively manage cybersecurity.
• Struggle to make informed security decisions regarding software employees use (including shadow IT) (47%), devices accessing the network and/or corporate resources (42%) and determining what vulnerabilities are exposing their systems (41%).
“While data silos can be a technology issue, resolving them and gaining a comprehensive understanding of an organization's risk landscape requires leadership. However, CIOs and CISOs are at odds. They face a tug-of-war challenge between enabling employee productivity while ensuring data security, which can lead to an increase in cyberattacks. To foster a more secure workplace, collaboration is essential,” said Jeff Abbott, CEO, Ivanti. “When there is CIO and CISO alignment, it helps both parties build consensus on organizational risk tolerance while promoting cross-functional security and IT data collaboration. This eliminates costly ripple effects and increases data accessibility for investments in AI.”
Data silos are a universal problem for CISOs and CIOs — and a particularly thorny one given the speed of investments in AI, which will require data integration and accessibility. To ultimately strengthen an organization’s security posture and drive transformation, there needs to be CIO and CISO alignment and executive buy-in on security. According to Ivanti’s research, cybersecurity is widely viewed as a top priority, even at the board level. Fully 80% of those surveyed say their boards include someone with security expertise, and 86% report it’s a topic of discussion at the board level. This is promising to hear in light of the various cybersecurity concerns raised by the study.
For instance, when it comes to a practice called BYOD (bring your own device), IT and security teams use tools that were designed for just in-office usage and have no effective way to track and manage employees’ personal devices at work.
• Just 63% can track BYOD alongside corporate-owned IT assets, yet 78% say employees use their personal devices at work even when it’s forbidden.
• 81% of office workers admit they are using some type of personal device for work.
• Of the 81%, half are logging in to networks and work-affiliated software on their personal devices. And 40% say their employers don’t know about their activities.
Another cause for concern – 54% of office workers were not aware that advanced AI could impersonate anyone’s voice. Ivanti’s research finds that 95% of IT and security professionals believe that security threats will be more dangerous due to AI. However, despite the elevated risk posed by AI, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks.
Taking these various concerns into account, the report emphasizes the critical need for alignment between the CIO and CISO in their approach to security mandates. This alignment can help organizations identify areas of friction and make operational improvements, eliminate data silos that hinder response times and conceal crucial insights, and gain a thorough understanding of the software supply chain. Ultimately, this collaborative effort fosters mutual accountability and enhances overall security posture.
Ivanti surveyed over 7,300 executive leaders, IT and cybersecurity professionals and office workers in October 2023 to understand today’s most pressing cybersecurity threats as well as emerging trends, opportunities and business strategies.