Digital cyber threats - an enterprise blind spot?

Tata Consultancy Services has published findings from its TCS Risk & Cybersecurity Study, which reveals that cyber executives may not be sufficiently prioritizing threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organizations.

When asked to rank where companies will see the greatest number of cyberattacks between now and 2025, ecosystem partners came in last place (10th). At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS’ survey shows that only 16% of chief risk officers (CROs) and chief information security officers (CISOs) ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions.

“Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently,” said Santha Subramoni, Global Head, Cybersecurity, TCS. “One way of reducing the probability of an attack within digital supply chains is to implement a ‘zero trust’ policy—a framework based on the principle of ‘never trust, always verify,’ applied not only to humans but also machines.”

When mapping out priorities between now and 2025, CISOs rank governance, strategy, and talent acquisition highly. Ranking highest is the prioritization of the security posture of the company and defining the controls and standards. Ranked second is establishing a more robust cybersecurity strategy, followed by investing in security talent acquisition and development.

TCS’ study also finds that talent retention directly correlates with how a company stores its information. Cloud-positive organizations were found to have a slight advantage in retaining and recruiting talent with the notoriously hard-to-find cyber skills, compared to those companies who think that on-premises or traditional data center security is preferable to what is available via the cloud. In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber risk and security skills.

“As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening,” said Bob Scalise, Managing Partner, Risk and Cyber Strategy, TCS. “Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding, and process changes will be vital to recruiting and retaining top talent.”

Among other findings, the study also highlights:

Some corporate boards may not be sufficiently focused on cyber risks.

One in six respondents reported that their corporate board of directors considers issues related to cyber risk and security only “occasionally, as necessary, or never.” Companies with higher-than-average revenue and profit growth are more likely to discuss cybersecurity at every board meeting.

Cloud platforms are considered more secure than on-premises and traditional data centers.

Sixty-two percent of companies are now as or more comfortable with the security provided by cloud platforms than that of on-premises and traditional data centers—suggesting that the common concern about the cloud in its early days is fading.

The TCS Risk & Cybersecurity Study, published by the TCS Thought Leadership Institute, highlights the most pressing cybersecurity issues facing senior business leaders across Europe and North America. The study is based on results of a survey of more than 600 CISOs and CROs, from companies with at least $1 billion in annual revenue, across banking & financial services, utilities, media & information services, and manufacturing. Topics include global risk, cybersecurity, resilience, and ecosystem/cloud security.  The survey took place in February and March 2022.

84% of IT professionals have some degree of confidence in their user access security systems to enable remote work securely and easily, up from 56% in 2021.
Allurity has acquired Spanish multinational Aiuken Cybersecurity, as an important step in its journey to becoming Europe's leading cybersecurity provider. Aiuken brings an entire SOC platform spanning three continents, as well as its Cloud Security and SOC-as-a-Service platforms.
A first among data protection vendors, the new cyber deception service detects and contains ransomware threats.
Atos has been awarded a three-year contract with Solent NHS Trust to manage, support and secure its services to enable a better experience of delivering and receiving more effective and good value healthcare.
Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.
Development and security teams can now proactively address the most critical software supply chain risks from code through runtime.
Reposify’s external attack surface management (EASM) capabilities expand CrowdStrike’s robust Threat Intelligence and Security and IT Operations product suites.
Almost half surveyed say they are using hybrid cloud or local cloud service providers as an alternative to AWS, Azure, and Google Cloud to meet sovereignty requirements.