CISOs are getting more help after cyberattacks, but often it isn’t helping

Too little, too late?


New research from cybersecurity company Trellix claims that many UK companies do not give their CISOs sufficient support until after a cyberattack has occurred.

Nine in 10 (93%) report getting more board support after a breach has occurred, but this late help often isn’t doing anything to prevent future attacks, with more than half (58%) of UK CISOs experiencing repeated successful attacks in the past five years.

Trellix is now calling for a more “proactive approach” from company boards in order to improve cybersecurity and better support CISOs.


CISOs don’t get support early enough

According to the report, half (47%) of the CISOs questioned got more technology and tool budget after a cyberattack, suggesting that a reactive approach is being taken to security.

Extended detection and response (XDR) tools are being implemented by more than one-third (37%) of CISOs as part of their security solution upgrade programs.

Trellix cites an unnamed UK CISO: “XDR can actually aggregate and correlate data from multiple sources and, therefore, reduce false positives. We see less alert fatigue in the security teams, and XDR allows us to be proactive rather than defensive and post facto, another big difference.”

Poor prevention is largely being blamed on the lack of adequate technology and incorrect configurations. Even as more artificial intelligence gets injected into defense, half (50%) of Britain’s CISOs say that manual processes are having a negative effect. Others highlighted siloed security (38%) and poor configurations (45%) as inhibitors.


Speaking about the “malicious use of AI” and the “surge in nation-state threat activity,” Trellix’s EMEA GM and SVP, Fabien Rech, said:

“CISOs need to have support from the board and executives so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.”


With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
