What is the greatest current cybersecurity challenge for your organization?
Stopping external cyberthreats (including organized cyber criminals, nation-state actors and ransomware attacks, etc.) 33%
Stopping insider cyberthreats (including both deliberate actions and employee mistakes like clicking on bad links.) 33%
Workforce rightsizing, including hiring, work from home challenges and other post-Covid workforce (HR) issues. 14%
Incorporating new technologies, including the governance and implementation of GenAI, AI and other new toolsets. Includes retraining existing staff to take advantage of cutting-edge tech. 12%
Something else. 6%
Greatest challenge is to have 'brains in front of the screen'. Brains that effectively utilise and attain real value of money spent in having those dozens of existing security tools already deployed, with an opex running in millions in licensing costs.
On the contrary, I have seen organisations continue to buy more and more of the shiny new toys without thinking of spending on the human resources that will be required to operationalise them and derive key risk or performance indicators from them, which leaders can then show in their executive briefings and board dashboards.
Spending on gadgets is somehow seen as an easier job during annual budgeting than making a business case for hiring an in-house resource focused on having in-depth knowledge of 2-3 security tools at max rather than having a generalist with superficial knowledge of 10.
I am very surprised that no one (yet) has picked the answer of incorporating new technologies, including the governance and implementation of GenAI and other toolsets...
Why do you think this is? I am hearing from a lot of CISOs about GenAI challenges and especially governance issues.
Most of these tools are still in the testing phase at the moment. I’d love to hear more about what you're thinking. So far, we’ve started building out some of these processes in Risk Cognizance, but I’d really like to understand more about your ideas.
Most organizations already have the tools they need to protect themselves, but many have not fully implemented the necessary technologies. You would think that by now, all organizations would have multi-factor authentication (MFA) enabled on every internet-facing solution, but that is still not the case. Recent major breaches have clearly highlighted this as a critical issue.
The problem today is not just about malicious code executing on endpoints. It is often about users unknowingly giving up their credentials. You might be surprised to learn how many organizations still lack fully developed implementations of key security measures such as secure email gateways, endpoint detection and response (EDR), data loss prevention (DLP), safe link checking, and attack surface monitoring.
Even basic alerting from these tools could provide valuable visibility and significantly strengthen the overall security posture.