Which cybersecurity attack is currently your highest priority (to defend against)?

Leadership Architecture

Ransomware and multifaceted extortion32%

Business email compromise41%

Third-party vendor compromise (supply chain)16%

Cloud security incidents7%

I have no idea1%

742 PARTICIPANTS

4.2k views2 Upvotes1 Comment

Sort by:

Group Director of Information Security in Bankinga year ago

Attacks are a symptom. Attack vectors are more important to identify. As an example; Your choices of Ransomware, Cloud security incidents or even 3rd party vendor compromise, the attack vectors is 'identity compromise'. Identity compromise can happen via insecure account credentials, loss of API keys and secrets, session cookies , tokens or inadequate use of OTPs. Now if I flip your question to read,
"Which cyber security attack vector is your highest priority?"
I would answer in below order of priority:

1. Credentials / identity loss of web facing applications ( missing SSO/PAM integration).
2. Patchable vulnerabilities exploitation of web facing applications and endpoint desktops. (Broken / insufficient patch management process)
3. Compromised credentials on admin endpoints (Inadequately configured EDR and missing least privilege access user account on privileged user endpoints, making them susceptible to phishing attacks).

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

In your opinion, which function SHOULD own AI governance at your org?

IT19%

Data and analytics22%

Infosec10%

Privacy5%

GRC9%

Cross-functional working group/center of excellence33%

Something else (explain in a comment)2%

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

If you were in the market to address ITSM, Identity Management, Patch & Release Management, and Endpoint Security for a mid-sized company, would you:

A) go with a one-stop-shop if such a solution existed?76%

B) best of breed24%

Which cybersecurity attack is currently your highest priority (to defend against)?

Sort by:

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

In your opinion, which function SHOULD own AI governance at your org?

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

If you were in the market to address ITSM, Identity Management, Patch & Release Management, and Endpoint Security for a mid-sized company, would you:

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Product Management Priorities and Challenges

Data-Driven Customer Experience: Uniting D&A and CX Teams

Navigating Economic Uncertainty in 2024: IT Leader Perspectives

Take Your Insights On-the-Go