Surging threats, slashed budgets, and cautious optimism: Telstra Ventures shines light on cybersecurity challenges during economic crisis
Telstra Ventures recently organised a discussion featuring industry leaders from AttackIQ, Cofense, and Corvus Insurance to address the dual challenge faced by businesses amidst economic turmoil.
As per Telstra’s forthcoming ClubCISO report, which surveyed 182 global CISOs, businesses are grappling with declining or stagnant cybersecurity budgets coupled with increasingly complex and evolving cyber threats.
The report revealed that 14% of respondents had experienced budget cuts, with a third of them citing economic downturns and potential recessions as the reason.
Meanwhile, 30% of respondents cited profit and loss pressures as the driver behind the budget cuts. The discussion among industry leaders focused on identifying strategies to tackle these challenges effectively.
Cyber threats are escalating and growing more complex, as evidenced by a report from Cofense, which provides phishing detection and response services.
Cofense Intelligence, which draws insights from its global network of over 35 million people, observed a 569% increase in malicious phishing emails, a 478% increase in credential phishing-related active threat reports published, and a 44% surge in malware identified in 2022.
Another recent study from AttackIQ revealed that endpoint detection and response (EDR) security controls only thwarted top adversary techniques 39% of the time for their cloud customers, highlighting the need for continuous testing to maximize return on investment.
Adding to the challenge is the increasing sophistication of threats, with Cofense reporting a 341% rise in the use of Web3 technologies in phishing attacks in 2022.
Moreover, financial motives are driving attacks, with 37% of breaches detected by Cofense in the past year related to finance. This underscores the risk that cyber breaches pose to businesses’ bottom lines amid economic pressures.
In Q3 of 2022, Corvus observed that ransomware and fraudulent funds transfer were the preferred tactics of threat actors, accounting for more than half of all Corvus claims. This finding further confirmed the prevalence of these tactics.
Despite these worrying developments, there is still a positive outlook. According to a survey of ClubCISO members, 52% reported an increase in their security budget despite economic challenges.
Among them, 39% attributed the increase to the changing threat landscape, indicating a growing awareness of the need to enhance security measures in response to rising risks.
Camille Mendler, Chief Analyst, Enterprise Services, at Omdia, who chaired the panel, framed the conversation by discussing the increasingly fragmented security landscape, and how it is vital that security is seen as a business priority and not just a CISO responsibility.
Keith Ibarguen, CPO, Cofense, called on the industry to collaborate and share intelligence to mitigate threats, with the company announcing that its global network has enabled it to achieve a 99.996% occurrence on phishing analysis over the last year.
Jonathan Reiber, Vice President at AttackIQ, an independent vendor of breach and attack simulation solutions, stressed the importance of democratising cybersecurity to both mitigate cost pressures and tackle threats – and the importance of leveraging resources already available.
In particular, he called on companies to pay close attention to the MITRE ATT&CK Framework, and how it can help companies bolster their security capabilities against known techniques.
Reiber says that what has changed the democratisation of preparedness in cybersecurity is this framework, which says this is how an attack works.
“You can then build defences around these methods. We now know what adversaries do. We see the same tactics and techniques repeated over and over. What companies must do is exercise their defences against those known tactics and techniques,” said Reiber.
Before the panel discussion, he emphasised the significance of technology, not only in mitigating threats, but also in helping companies obtain cybersecurity insurance and decrease their premiums.
Reiber cited the case of a major bioscience firm, describing how the data provided by AttackIQ had allowed the company to partner with its insurer to lower its insurance expenses, resulting in cost savings during a critical period.
Lori Bailey, Chief Insurance Officer at Corvus Insurance, further emphasised the need for data-driven risk mitigation, and discussed how insurance can be combined with real intelligence on vulnerabilities to make policyholders safer.
Bailey also commented on the urgent need for insurance coverage to be adapted to current threats: “While the cyber attack continuum has been evolving and continues to grow irrespective of the economic environment, with the economic downturn, we are seeing a real increase in activity – and tightening of security budgets.”
“From an insurance standpoint, we’re very focused on making sure that if policyholders are facing budget constraints, they are really focused on the areas that are going to make the most impact and have the most robust outcomes.”
“Events such as the banking crisis over the last few weeks create huge pockets of opportunities for ransomware and threat actors,” said Bailey.
“It’s these types of incidents for which we make sure our policyholders are educated, look for areas where they can protect themselves, and ensure they do not fall victim to these threats.”
Rob Robinson, head of Telstra Purple, EMEA, says that despite the increasing risk, the industry leaders remained broadly optimistic, particularly given the advent of technology to tackle challenges. However, technology alone is not enough to mitigate threats, and people capabilities must be seen as just as important.
“Keeping pace with the rapidly evolving threat landscape requires innovative technology, but that’s only part of the solution.”
“Organisations must also focus on people and actively promote a culture that empowers employees to act as the first line of defence against emerging threats.”
“With 29% of security leaders viewing the human element as a key determining factor of cyber resilience, ingraining security into an organisation’s DNA ensures that security best practices and behaviours become second nature,” said Robinson.