Digital cyber threats - an enterprise blind spot?

Tata Consultancy Services has published findings from its TCS Risk & Cybersecurity Study, which reveals that cyber executives may not be sufficiently prioritizing threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organizations.

When asked to rank where companies will see the greatest number of cyberattacks between now and 2025, ecosystem partners came in last place (10th). At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS’ survey shows that only 16% of chief risk officers (CROs) and chief information security officers (CISOs) ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions.

“Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently,” said Santha Subramoni, Global Head, Cybersecurity, TCS. “One way of reducing the probability of an attack within digital supply chains is to implement a ‘zero trust’ policy—a framework based on the principle of ‘never trust, always verify,’ applied not only to humans but also machines.”

When mapping out priorities between now and 2025, CISOs rank governance, strategy, and talent acquisition highly. Ranking highest is the prioritization of the security posture of the company and defining the controls and standards. Ranked second is establishing a more robust cybersecurity strategy, followed by investing in security talent acquisition and development.

TCS’ study also finds that talent retention directly correlates with how a company stores its information. Cloud-positive organizations were found to have a slight advantage in retaining and recruiting talent with the notoriously hard-to-find cyber skills, compared to those companies who think that on-premises or traditional data center security is preferable to what is available via the cloud. In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber risk and security skills.

“As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening,” said Bob Scalise, Managing Partner, Risk and Cyber Strategy, TCS. “Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding, and process changes will be vital to recruiting and retaining top talent.”

Among other findings, the study also highlights:

Some corporate boards may not be sufficiently focused on cyber risks.

One in six respondents reported that their corporate board of directors considers issues related to cyber risk and security only “occasionally, as necessary, or never.” Companies with higher-than-average revenue and profit growth are more likely to discuss cybersecurity at every board meeting.

Cloud platforms are considered more secure than on-premises and traditional data centers.

Sixty-two percent of companies are now as or more comfortable with the security provided by cloud platforms than that of on-premises and traditional data centers—suggesting that the common concern about the cloud in its early days is fading.

The TCS Risk & Cybersecurity Study, published by the TCS Thought Leadership Institute, highlights the most pressing cybersecurity issues facing senior business leaders across Europe and North America. The study is based on results of a survey of more than 600 CISOs and CROs, from companies with at least $1 billion in annual revenue, across banking & financial services, utilities, media & information services, and manufacturing. Topics include global risk, cybersecurity, resilience, and ecosystem/cloud security.  The survey took place in February and March 2022.

Cradlepoint 5G routers ensure the continuity needed to carry out Avon FRS duties.
Commvault has introduced new security capabilities across its entire portfolio.
Kyndryl has unveiled a Cybersecurity Incident Response and Forensics (CSIRF) service to help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s deep domain security experts.
Healthcare workforce platform used by 37,000 clinicians supports staffing for the U.K.’s National Health Service; Lookout Secure Cloud Access provides visibility into usage and access of all corporate data.
Cisco Panoptica will now provide end-to-end lifecycle protection for cloud native application environments, including code and build protection.
The company’s vision for Cisco Networking Cloud will create a simpler network management platform experience to help customers easily access and manage all Cisco networking products from one place.
CipherTrust Data Security Platform as-a-Service allows businesses to rapidly deploy and scale key management and data security services without the need to manage hardware or fund upfront investments.
Research reveals top vendor marketing strategies required to influence buyer awareness and purchasing decisions during challenging economic times.